- Daily - CERT.at

Tageszusammenfassung - Donnerstag 2-02-2017
by Daily end-of-shift report 02 Feb '17

02 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 01-02-2017 18:00 − Donnerstag 02-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** DSA-3780 ntfs-3g - security update *** --------------------------------------------- Jann Horn of Google Project Zero discovered that NTFS-3G, a read-writeNTFS driver for FUSE, does not scrub the environment before executingmodprobe with elevated privileges. A local user .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3780 *** Netherlands reverts to hand-counted votes to quell security fears *** --------------------------------------------- Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isnt ready for prime time, and will revert to .. --------------------------------------------- www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes… *** Extrem kritische Lücke in Ciscos Prime Home könnte unzählige Router gefährden *** --------------------------------------------- Internet- und Service-Anbieter sollten zügig ein Sicherheitsupdate für Cisco Prime Home installieren. Angreifer könnten Geräte mit wenig Aufwand missbrauchen und von da aus Router von Kunden übernehmen. --------------------------------------------- https://heise.de/-3615465 *** Gmail Drops Support for Windows XP and Vista Users on Chrome *** --------------------------------------------- Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-wind… *** DDoS attacks in Q4 2016 *** --------------------------------------------- 2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks… *** Jugendliche gehen schludrig mit Passwörtern um *** --------------------------------------------- Der Sicherheitsbewusstsein von österreichischen Jugendlichen und Unter-30-Jährigen ist schlecht ausgeprägt. Jeder Zweite hat sein Passwort schon einmal weitergegeben. --------------------------------------------- https://futurezone.at/digital-life/jugendliche-gehen-schludrig-mit-passwoer… *** Security: Der Secret Service gibt Tipps für Rechenzentrumsbetreiber *** --------------------------------------------- Ein Rechenzentrum behandeln wie das Weiße Haus? Diesen Tipp gab ein ehemaliger Mitarbeiter des Secret .. --------------------------------------------- http://www.golem.de/news/security-der-secret-service-gibt-tipps-fuer-rechen… *** KopiLuwak: A New JavaScript Payload from Turla *** --------------------------------------------- A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents. --------------------------------------------- http://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payloa… *** Hackerangriff auf Tschechiens Außenamt offenbar größer als gedacht *** --------------------------------------------- http://derstandard.at/2000052006680 *** Panne bei Handysignatur: Dokumentenname einsehbar *** --------------------------------------------- Laut "Die Presse" waren 14 Stunden lang der Name aller unterzeichneten Dokumente abrufbar --------------------------------------------- http://derstandard.at/2000052007651 *** Microsoft Windows SMB Tree Connect Response memory corruption vulnerability *** --------------------------------------------- Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system. --------------------------------------------- http://www.kb.cert.org/vuls/id/867968

1 0

Tageszusammenfassung - Mittwoch 1-02-2017
by Daily end-of-shift report 01 Feb '17

01 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 31-01-2017 18:00 − Mittwoch 01-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** BINOM3 Electric Power Quality Meter *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01 *** Ecava IntegraXor *** --------------------------------------------- This advisory contains mitigation details for an SQL injection vulnerability in the Ecava IntegraXor web server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 *** "Ändere-dein-Passwort-Tag": Pro und Contra Passwortwechsel *** --------------------------------------------- Ist es sinnvoll, sein Passwort regelmäßig und vorsichtshalber zu ändern? Was in einigen Firmen verpflichtent ist, ist in Security-Kreisen umstritten. Unter Umständen kann das sogar kontraproduktiv sein. --------------------------------------------- https://heise.de/-3613327 *** Cerber tops Windows 10 ransomware charts *** --------------------------------------------- Crims aimed for a Christmas Number One and scored Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.… --------------------------------------------- www.theregister.co.uk/2017/02/01/cerber_windows_10/ *** We need to talk about Granny: Shes way more likely to fall for phishing *** --------------------------------------------- If you want to catch as many people as you can, go for the old legal razzle dazzle Usenix Enigma 2017 Research has shown that older people – particularly older .. --------------------------------------------- www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/ *** Quick Analysis of Data Left Available by Attackers, (Wed, Feb 1st) *** --------------------------------------------- While hunting for interesting cases, I found the following phishing email mimicking an UPS delivery notification: When you click on the link, you are redirected to the .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22015 *** Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users Data Leaked *** --------------------------------------------- Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums? Your details may have been exposed, as it has been revealed that the two .. --------------------------------------------- http://thehackernews.com/2017/01/gaming-forum-hacking.html *** Nächstes Hacker-Ziel: Ihr Hirn *** --------------------------------------------- Neue Gehirn-Computer-Schnittstellen bringen die Gefahr von Hirn-Malware mit sich. Was wie eine Postillon-Schlagzeile klingt, beschäftigt ernsthafte Sicherheitsforscher. --------------------------------------------- https://heise.de/-3613672 *** Hacker Phineas Fisher dementiert, verhaftet worden zu sein *** --------------------------------------------- Katalanische Behörden hatten nach Hausdurchsuchungen mehrere Personen festgenommen --------------------------------------------- http://derstandard.at/2000051907276 *** Insiderhandel: Mitarbeiter verkaufen Firmengeheimnisse im Darknet *** --------------------------------------------- Auf illegalen Online-Marktplätzen werden derzeit offenbar gezielt Insider angeworben, um mit deren Informationen kriminelle Geschäfte zu ermöglichen. Die Bandbreite .. --------------------------------------------- http://www.golem.de/news/insiderhandel-mitarbeiter-verkaufen-firmengeheimni… *** Hacker One: Die Sicherheitslücken der US-Armee *** --------------------------------------------- Sicherheitsforscher hatten einen Monat Zeit, um die US-Armee zu hacken. 118 Sicherheitslücken wurden gefunden und beseitigt. Eine davon ermöglichte den Zugriff auf ein .. --------------------------------------------- http://www.golem.de/news/hacker-one-die-sicherheitsluecken-der-us-armee-170… *** Cisco Prime Home Authentication Bypass Vulnerability *** --------------------------------------------- A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Disclosure of Additional Security Fix in WordPress 4.7.2 *** --------------------------------------------- WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately. In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional .. --------------------------------------------- https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-securit…

1 0

Tageszusammenfassung - Dienstag 31-01-2017
by Daily end-of-shift report 31 Jan '17

31 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-01-2017 18:00 − Dienstag 31-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Printer Security *** --------------------------------------------- TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of .. --------------------------------------------- https://web-in-security.blogspot.co.at/2017/01/printer-security.html *** CVE-2017-5521: Bypassing Authentication on NETGEAR Routers *** --------------------------------------------- Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers, .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassin… *** Erpressungs-Trojaner Sage nutzt Bleeding-Edge-Krypto-Funktionen *** --------------------------------------------- Eine neue Ransomware-Familie orientiert sich bei der Verschlüsselung mit Curve25519 und ChaCha20 am oberen Ende des derzeit zur Verfügung stehenden Repertoires von Krypto-Funktionen. --------------------------------------------- https://heise.de/-3610664 *** DSA-3776 chromium-browser - security update *** --------------------------------------------- https://www.debian.org/security/2017/dsa-3776 *** HTTPS: Das halbe Web ist nun verschlüsselt *** --------------------------------------------- Verschlüsselter Traffic überholt laut Mozilla unverschlüsselte Verbindungen – Anstieg um zehn Prozent in einem Jahr --------------------------------------------- http://derstandard.at/2000051841631 *** We see you, ransomware flingers, testing out your baddest stuff on... Germany? *** --------------------------------------------- Securobods file data hostage report A security firm has floated the theory that malware authors are using German firms as a testing ground for their wares prior to wider distribution. --------------------------------------------- www.theregister.co.uk/2017/01/31/ransomware_sitrep_report/ *** Google zahlte letztes Jahr drei Millionen Dollar an Sicherheitsforscher *** --------------------------------------------- Mehr als je zuvor im Bug-Bounty-Programm – Je Fast eine Million für Android- und Chrome-Bugs --------------------------------------------- http://derstandard.at/2000051858649 *** Sicherheitsupdate: Angreifer könnten Sophos Web Appliance über Kommandozeile entern *** --------------------------------------------- Wer sein Netzwerk mit der Web Appliance von Sophos abschottet, sollte zügig prüfen, ob die aktuelle Software in Version 4.3.1 schon verfügbar ist. Diese Ausgabe schließt zwei Sicherheitslücken. --------------------------------------------- https://heise.de/-3612070 *** Sophisticated cyber attacks increase, while overall volume falls *** --------------------------------------------- NTT quarterly report highlights rise in sophistication but 35 per cent drop in overall attack volumes in Q4 2016 --------------------------------------------- https://www.htbridge.com/blog/sophisticated-cyber-attacks-increase-while-ov… *** Viele Lücken in tcpdump – Bedrohungen noch nicht in Gänze geklärt *** --------------------------------------------- Die aktuelle Version des Netzwerk-Sniffers rüstet sich gegen zahlreiche Schwachstellen, ist aber noch nicht überall verfügbar. --------------------------------------------- https://heise.de/-3612240 *** Tschechische Regierung meldet Hackerangriff auf E-Mail-Konten *** --------------------------------------------- Experten sollen Parallelen zu Hackerangriff auf Demokratische Partei in den USA vergangenes Jahr sehen --------------------------------------------- http://derstandard.at/2000051866541-406 *** Nested, Targeted Attacks Built for Reconnaissance *** --------------------------------------------- Researchers say NATO members were targeted for reconnaissance over the holidays by attacks using malicious OLE objects. --------------------------------------------- http://threatpost.com/nested-targeted-attacks-built-for-reconnaissance/1234… *** Usenix Enigma: Mit Sensorenmanipulation das Internet of Things verwirren *** --------------------------------------------- Autonome Systeme verlassen sich auf Sensoren, um ihre Umwelt zu verstehen. Ein Wissenschaftler hat auf der Sicherheitskonferenz Usenix Enigma demonstriert, wie sich .. --------------------------------------------- http://www.golem.de/news/usenix-enigma-mit-sensorenmanipulation-das-interne…

1 0

Tageszusammenfassung - Montag 30-01-2017
by Daily end-of-shift report 30 Jan '17

30 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-01-2017 18:00 − Montag 30-01-2017 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Dridex Returns With Windows UAC Bypass Method *** --------------------------------------------- Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user. --------------------------------------------- http://threatpost.com/dridex-returns-with-windows-uac-bypass-method/123420/ *** What Keeps My Honeypot Busy These Days, (Fri, Jan 27th) *** --------------------------------------------- Sometimes, it isnt the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go that works?. Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that became big news when the Mirai botnet adopted it. Since then, most of the servers that hosted the follow-up code no longer deliver. But this doesnt prevent thousands of existing bots to persistently attempt the exploit. In... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21995&rss *** ATM "Shimmers" Target Chip-Based Cards *** --------------------------------------------- Several readers have called attention to warnings coming out of Canada about a supposed new form of ATM skimming called "shimming." Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Heres a brief primer on shimming attacks, and why they succeed. --------------------------------------------- https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/ *** Request for Packets and Logs - TCP 5358, (Sat, Jan 28th) *** --------------------------------------------- pStarting Sunday (22 Jan 17), there was a huge spike this week against TCP 5358. If anyone has logs or packets (traffic) that might help identify what it is can submit them via our a href="https://isc.sans.edu/contact.html"contact/a page would be appreciated. This is a snapshot as to what was reported so far this week in DShield./p p width:500px" //p p[1] https://isc.sans.edu/contact.html/p p-----------br / Guy Bruneau a href="http://www.ipss.ca/"IPSS Inc./abr / --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21997&rss *** Adblock Plus: Staatsanwaltschaft durchsucht Werbeblocker-Anbieter Eyeo *** --------------------------------------------- Der Kölner Adblocker-Anbieter Eyeo hat nun auch Ärger mit der Justiz. Hintergrund dürfte der Streit über die Frage sein, wer für die Erstellung von Filterregeln in der Easylist verantwortlich ist. --------------------------------------------- http://www.golem.de/news/adblock-plus-staatsanwaltschaft-durchsucht-werbebl… *** XSender: The Source of All the Recent XMPP Spam *** --------------------------------------------- In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/xsender-the-source-of-all-th… *** Facebook: Sicheres Einloggen per USB-Stick *** --------------------------------------------- Die Zwei-Faktor-Authentifizierung bei Facebook kann nun auch per Fido-USB-Sticks oder NFC-Tags erfolgen. --------------------------------------------- https://futurezone.at/digital-life/facebook-sicheres-einloggen-per-usb-stic… *** A Shakeup in Russia's Top Cybercrime Unit *** --------------------------------------------- A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russias top cybercrime... --------------------------------------------- https://krebsonsecurity.com/2017/01/a-shakeup-in-russias-top-cybercrime-uni… *** Überwachungskameras von Washington DC mit Ransomware infiziert *** --------------------------------------------- Nur acht Tage vor Trumps Angelobung wurde das Netzwerk der Überwachungskameras in der US-Hauptstadt angegriffen und teilweise lahmgelegt. --------------------------------------------- https://futurezone.at/digital-life/ueberwachungskameras-von-washington-dc-m… *** Google auf dem Weg zur unabhängigen Root-CA *** --------------------------------------------- Künftig will das Unternehmen über den Google Trust Service eigene SSL-/TLS-Zertifikate ausstellen. Diese sollen bei Google-Diensten und Angeboten des Google-Mutterkonzerns Alphabet zum Einsatz kommen. --------------------------------------------- https://heise.de/-3610041 *** Averting ransomware epidemics in corporate networks with Windows Defender ATP *** --------------------------------------------- Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epi… *** Kritische Lücke in WebEx: Cisco stellt offensichtlich finale Sicherheitsupdates bereit *** --------------------------------------------- Nach mehreren vermeintlich abgesicherten Version von WebEx hat Cisco nun eigenen Angaben zufolge vollwertige Sicherheitsupdates veröffentlicht. Einige Unklarheiten bleiben aber. --------------------------------------------- https://heise.de/-3610749 *** [2017-01-30] XSS and CSRF vulnerabiliies in multiple Ubiquiti Networks products *** --------------------------------------------- Many products of Ubiquiti Networks are affected by a cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user. Furthermore, different actions on the system can be triggered by CSRF attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0 *** --------------------------------------------- Microsoft is aware of a security vulnerability in the public version of ASP.NET Core MVC 1.1.0 where a malformed HTTP request could lead to a denial of service. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4010983 *** Cryptkeeper Sets the same password "p" for everything independently of user input *** --------------------------------------------- https://www.reddit.com/r/netsec/comments/5r16na/cryptkeeper_sets_the_same_p… *** DSA-3775 tcpdump - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in tcpdump, a command-linenetwork traffic analyzer. These vulnerabilities might result in denialof service or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3775 *** TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities *** --------------------------------------------- The administration interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the redirect_url GET parameter is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5393.php *** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF *** --------------------------------------------- SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5392.php *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009714 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997209 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21997764 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 27-01-2017
by Daily end-of-shift report 27 Jan '17

27 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-01-2017 18:00 − Freitag 27-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Zbot with legitimate applications on board *** --------------------------------------------- Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-appli… *** Phishers unleash simple but effective social engineering techniques using PDF attachments *** --------------------------------------------- The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple… *** Hintergrund: So hacken Maschinen *** --------------------------------------------- Team Shellphish war einer der Teilnehmer der Cyber Grand Challenge der DARPA; jetzt beschreiben sie ihren Mechanical Phish und dessen Strategie. --------------------------------------------- https://heise.de/-3608169 *** Bezahlung oder Kontosperre: Nationalbank warnt vor Telefonbetrug *** --------------------------------------------- Unbekannte fälschen Telefonnummer von Bank und Anwalt, um Opfer unter Druck zu setzen --------------------------------------------- http://derstandard.at/2000051638010 *** Security for Privacy on Data Protection Day *** --------------------------------------------- On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-pr… *** Sicherheitsupdate: Entwickler von TigerVNC raten zur zügigen Aktualisierung *** --------------------------------------------- Durch das Ausnutzen einer Lücke könnten Angreifer im Zuge einer Virtual-Network-Computing Session Clients kapern. --------------------------------------------- https://heise.de/-3609051 *** Cisco starts patching critical flaw in WebEx browser extension *** --------------------------------------------- Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx... --------------------------------------------- http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-… *** Heartbleed: (Almost) three years later *** --------------------------------------------- Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. Were close to the three... --------------------------------------------- http://www.cert.at/services/blog/20170127160051-1894_en.html *** Security Advisory: OpenSSH vulnerability CVE-2016-10011 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?… *** IDM 4.5 Midrange BiDirectional Driver 201611271513 *** --------------------------------------------- Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513.To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)This patch also requires the driver activation from IDM 4.5Document ID: 5271130Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm45midrange20161127.tar.gz (47.54 MB)Products:Identity Manager 4.0.2Identity... --------------------------------------------- https://download.novell.com/Download?buildid=lY8lK_WKOeQ~ *** Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540060 *** Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95832 *** Eaton ePDU Path Traversal Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01 *** Belden Hirschmann GECKO *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in Beldens Hirschmann GECKO switch. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 *** RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037726 *** Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95823 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542) *** http://www.ibm.com/support/docview.wss?uid=swg21994101 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 26-01-2017
by Daily end-of-shift report 26 Jan '17

26 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-01-2017 18:00 − Donnerstag 26-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** VirLocker's comeback; including recovery instructions *** --------------------------------------------- Virlocker is back, the nightmare is still real. But we have found a way to at least recover your important files even if the affected machine can be considered a loss.Categories: Malware Threat analysisTags: file infectingfile recoverymalwarepolymorphicransomwareself propagatingVirLockVirlocker(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-i… *** Cisco WebEx code execution hole - what you need to know *** --------------------------------------------- Googles Project Zero found a serious hole in Ciscos WebEx browser extension that is nearly but not yet fully fixed. Heres what to do. --------------------------------------------- http://feedproxy.google.com/~r/nakedsecurity/~3/XBY4vnKgI4U/ *** Powerful Android RAT impersonates Netflix app *** --------------------------------------------- Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers. The fake app looks genuine at first glance, as it sports the same icon the actual legitimate Netflix app uses. But once it is installed on a smartphone or tablet and the victim clicks on it, it vanishes from... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/26/android-rat-netflix-app/ *** Android VPN Apps Caught Intercepting Traffic, Failing to Encrypt *** --------------------------------------------- New research released this week reveals that a large chunk of today Android VPN clients are a serious security and privacy risk, with some clients failing to encrypt traffic, and some even injecting ads in a customers browsing experience. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-vpn-apps-caught-inte… *** Shamoon disk-wiping attackers can now destroy virtual desktops, too *** --------------------------------------------- Mystery malware begins targeting a key disk-wiping defense. --------------------------------------------- https://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-no… *** Analysis of new Shamoon infections *** --------------------------------------------- All of the initial analysis pointed to Shamoon emerging in the Middle East. This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/26/shamoon-infections/ *** Gefälschte A1-Phishingmail: Neue Messaging-Plattform *** --------------------------------------------- Kriminelle versenden eine gefälschte A1 Online-Nachricht. Sie hat das Betreff "Maßnahme erforderlich: Neue Messaging-Plattform" und fordert von Empfänger/innen, dass sie ihre Zugangsdaten auf einer Website bekannt geben. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-a1-phishingmail-neue… *** OpenSSL Security Advisory [26 Jan 2017] *** --------------------------------------------- Truncated packet could crash via OOB read (CVE-2017-3731) Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) Montgomery multiplication may produce incorrect results (CVE-2016-7055) Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. --------------------------------------------- https://www.openssl.org/news/secadv/20170126.txt *** DFN-CERT-2017-0154: Red Hat JBoss Core Services: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0154/ *** IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability *** --------------------------------------------- CVE-2016-10142 kernel - IPV6 fragmentation flaw https://bugzilla.redhat.com/show_bug.cgi?id=1415908 --------------------------------------------- Generation of IPv6 Atomic Fragments Considered Harmful https://tools.ietf.org/html/rfc8021 --------------------------------------------- http://www.securityfocus.com/bid/95797/ *** Security Advisory: TMM vulnerability CVE-2016-9249 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71282001.html?… *** Bugtraq: ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/540050 *** Vuln: Multiple TIBCO Products CVE-2017-3180 Multiple Unspecified Cross-Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95699 *** Vuln: Autodesk FBX-SDK CVE-2016-9307 Multiple Buffer Overflow Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95802 *** Vuln: Autodesk FBX-SDK CVE-2016-9304 Multiple Buffer Overflow Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95799 *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 ) *** --------------------------------------------- Multiple vulnerabilities have been identified in the IBM Websphere Application Server (WAS) that is embedded in IBM FSM. This update addresses these issues. CVE(s): CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the following reference URLs for... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024555 *** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities *** --------------------------------------------- IBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries CVE(s): CVE-2014-3574, CVE-2014-3529, CVE-2016-5000 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6 Refer to the following reference URLs for remediation and... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997296 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) *** --------------------------------------------- There are multiple vulnerabilities in IBM Runtime Environment Java Version 1.5 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in January and April 2016. This Bulletin addresses these vulnerabilities. CVE(s): CVE-2015-7575, CVE-2016-0448, CVE-2016-0475, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-0264, CVE-2016-3426 Affected product(s) and affected version(s): Flex... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024558

1 0

Tageszusammenfassung - Mittwoch 25-01-2017
by Daily end-of-shift report 25 Jan '17

25 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-01-2017 18:00 − Mittwoch 25-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Kritische Sicherheitslücke in der Webshop-Software Shopware *** --------------------------------------------- Die vor allem in Deutschland beliebte Software aus Schöppingen hat eine Schwachstelle, über die Angreifer beliebigen Schadcode ausführen können. --------------------------------------------- https://heise.de/-3606627 *** VB2016 paper: Great crypto failures *** --------------------------------------------- Crypto is hard, and malware authors often make mistakes. At VB2016, Check Point researchers Yaniv Balmas and Ben Herzog discussed the whys and hows of some of the crypto blunders made by malware authors. Today, we publish their paper and the recording of their presentation. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/01/vb2016-paper-great-crypto-fa… *** Call for Papers: VB2017 *** --------------------------------------------- We have opened the Call for Papers for VB2017. We are particularly interested in receiving submissions from those working outside the security industry itself. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/01/call-papers-vb2017/ *** Malicious SVG Files in the Wild, (Tue, Jan 24th) *** --------------------------------------------- In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or Scalable Vector Graphics) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system,SVG files are handled by Internet Explorer by default. From a file format point... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21971&rss *** Sicherheitspatch: Western Digital My Cloud Mirror empfänglich für Schadcode *** --------------------------------------------- Besitzer des Netzwerkspeichers sollten aus Sicherheitsgründen prüfen, dass sie die aktuelle Firmware installiert haben. --------------------------------------------- https://heise.de/-3606909 *** Trojan Transforms Linux Devices into Proxies for Malicious Traffic *** --------------------------------------------- Security researchers have uncovered a new trojan that targets Linux devices that is capable of transforming infected machines into proxy servers and relay malicious traffic, hiding the true origin of attacks or other nefarious activities. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/trojan-transforms-linux-devi… *** Capturing Pattern-Lock Authentication *** --------------------------------------------- Interesting research -- "Cracking Android Pattern Lock in Five Attempts": Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed u sing a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer... --------------------------------------------- https://www.schneier.com/blog/archives/2017/01/capturing_patte.html *** Wartungsarbeiten Dienstag, 31. 1. 2017 *** --------------------------------------------- http://www.cert.at/services/blog/20170125134029-1890.html *** Detecting threat actors in recent German industrial attacks with Windows Defender ATP *** --------------------------------------------- When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, giving them persistent access to the conglomerate's network as early... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors… *** Lücke in Samsung-Handys: Endlos-Bootschleife durch Killer-SMS *** --------------------------------------------- Samsung hat eine Lücke in älteren Geräten gestopft, die missbraucht werden kann, diese in eine Bootschleife zu versetzen und Angreifern wahrscheinlich auch die Möglichkeit gibt, Schadcode auszuführen. Geräte anderer Hersteller sind wohl noch verwundbar. --------------------------------------------- https://heise.de/-3607266 *** DFN-CERT-2017-0142: Mozilla Firefox, Firefox ESR, Tor Browser: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0142/ *** IDM 4.5 SAP User Driver Version 4.0.1.0 *** --------------------------------------------- Abstract: Patch update for the NetIQ Identity Manager SAP User Manager driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 or later to use this driver. You should only use this patch if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP User Manager driver for JCO3. Future versions of IDM do not support SAP JCO2.Document ID: 5269090Security Alert:... --------------------------------------------- https://download.novell.com/Download?buildid=juq3iF7EF5o~ *** Citrix Provisioning Services Multiple Security Updates *** --------------------------------------------- https://support.citrix.com/article/CTX219580 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- https://support.citrix.com/article/CTX220112 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Security Vulnerability affecting FileNet Content Manager and IBM Content Foundation (CVE-2013-5462) *** http://www.ibm.com/support/docview.wss?uid=swg21994241 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector for SAP Applications (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996483 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor *** http://www-01.ibm.com/support/docview.wss?uid=swg21997196 --------------------------------------------- *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Authentication Bypass Vulnerability in the Find Phone Function of some Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Security Advisory - Two Security Vulnerabilities in Huawei EMUI *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Browser Extension Remote Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** HP Security Bulletins *** --------------------------------------------- *** Bugtraq: [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information *** http://www.securityfocus.com/archive/1/540044 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access *** http://www.securityfocus.com/archive/1/540048 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) *** http://www.securityfocus.com/archive/1/540047 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities *** http://www.securityfocus.com/archive/1/540046 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 24-01-2017
by Daily end-of-shift report 24 Jan '17

24 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-01-2017 18:00 − Dienstag 24-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Java: Das Ende von MD5 und SHA-1 naht *** --------------------------------------------- Oracle hat angekündigt, dass mit seinem nächsten Quartalsupdate MD5 für die Signatur von JAR-Paketen ausgemustert wird. Ebenso soll das JDK nur noch in Ausnahmen SHA-1-Zertifikate anerkennen. --------------------------------------------- https://heise.de/-3606356 *** Elga ist laut Experten leicht zu hacken *** --------------------------------------------- Personal braucht für Zugriff nur ein Passwort. Das sei zu wenig, warnt ein Fachmann. --------------------------------------------- https://kurier.at/chronik%2Foesterreich/elga-ist-laut-experten-leicht-zu-ha… *** Sicherheitsupdate: Apple patcht Root-Exploits für fast alle Plattformen *** --------------------------------------------- Apple hat umfangreiche Sicherheitsupdates für alle Plattformen herausgegeben. Ein Root-Exploit im Kernel betrifft zahlreiche Geräte, darüber hinaus gibt es viele Fehler in Webkit und in verschiedenen Bibliotheken. --------------------------------------------- http://www.golem.de/news/sicherheitsupdate-apple-patcht-root-exploits-fuer-… *** Charger mobile ransomware steals contacts and SMS messages *** --------------------------------------------- Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/24/charger-mobile-ransomware/ *** Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution *** --------------------------------------------- TL;DR: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target users system. --------------------------------------------- https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 *** Microsoft Reveals Windows Defender Security Center Scheduled for Creators Update *** --------------------------------------------- The Windows 10 Creators Update scheduled for launch later this year will include an upgrade of the default Windows Defender antivirus, which will feature a new settings panel named the Windows Defender Security Center. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-windows-d… *** Furby Rickroll demo: what fresh hell is this? *** --------------------------------------------- Toy-makers, please quit this rubbish, youre NO GOOD at security Heres your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/24/furby_rickr… *** HummingBad Android Malware Found in 20 Google Play Store Apps *** --------------------------------------------- HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Googles security checks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/hummingbad-android-malware-f… *** Advice to a New SCADA Engineer *** --------------------------------------------- Target Audience As I have come in contact with those new to industrial control systems - whether they be supervisor control and data acquisition (SCADA) systems, building automation, process automation, or what not - I have come to the conclusion that whether the individual is trade school educated or college educated, they are not prepared... --------------------------------------------- http://resources.infosecinstitute.com/advice-to-a-new-scada-engineer/ *** How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd) *** --------------------------------------------- I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And well, this also makes good material for my IPv6 class [2]. This is supposed to entice you to play and experiment. Let me know if you find anything neat. Fragmentation is a necessary evil of packet networking. Packets will... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21963&rss *** Gefälschte A1 Online-Rechnung verbirgt Schadsoftware *** --------------------------------------------- Kriminelle versenden eine gefälschte A1 Online-Rechnung. Darin nennen sie ein hohes Verbindungsentgelt und das verbrauchte Datenvolumen. Der Nachricht ist die Datei "rechnung_1.zip" beigefügt. Sie verbirgt Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-onl… *** Ein Jahr alte Root-Schwachstelle in Systemd aufgetaucht *** --------------------------------------------- Die Entwickler des Init-Systems Systemd haben im vergangenen Jahr eine Lücke geschlossen, über die ein Angreifer Root-Rechte erlangen kann. Allerdings wurde diese Lücke zuerst unterschätzt und blieb unbeachtet. --------------------------------------------- https://heise.de/-3606599 *** Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95705 *** EMC Avamar Data Store and Avamar Virtual Edition File Ownership Error Lets Local Users Obtain Root Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1037667 *** RSA Security Analytics Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037666 *** DFN-CERT-2017-0137: Apache Software Foundation Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0137/ *** Security Advisory 2017-01: Security Update for OTRS Business Solution *** --------------------------------------------- January 24, 2017 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://www.otrs.com/security-advisory-2017-01-security-update-otrs-busines… *** DFN-CERT-2017-0136: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. eine Privilegieneskalation *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0136/ *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2k, 1.1.0d. These releases will be made available on 26th January 2017 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "moderate". --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: OpenSSH vulnerability CVE-2016-10009 *** https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31440025.html?… --------------------------------------------- *** Security Advisory: OpenSSH vulnerability CVE-2016-10010 *** https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64292204.html?… --------------------------------------------- *** Security Advisory: PHPMailer vulnerability CVE-2016-10033 *** https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74977440.html?… --------------------------------------------- *** Apple Security Updates *** --------------------------------------------- *** macOS Sierra 10.12.3 *** https://support.apple.com/kb/HT207483 --------------------------------------------- *** iOS 10.2.1 *** https://support.apple.com/kb/HT207482 --------------------------------------------- *** tvOS 10.1.1 *** https://support.apple.com/kb/HT207485 --------------------------------------------- *** watchOS 3.1.3 *** https://support.apple.com/kb/HT207487 --------------------------------------------- *** iCloud for Windows 6.1.1 *** https://support.apple.com/kb/HT207481 --------------------------------------------- *** Safari 10.0.3 *** https://support.apple.com/kb/HT207484 --------------------------------------------- *** iTunes 12.5.5 for Windows *** https://support.apple.com/kb/HT207486 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in sudo affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024766 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in expat affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024767 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995440 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024768 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024769 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in QEMU affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024770 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in nettle affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024771 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024772 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024773 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024775 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 23-01-2017
by Daily end-of-shift report 23 Jan '17

23 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-01-2017 18:00 − Montag 23-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** PowerShell 5.1 for Windows 7 and later , (Fri, Jan 20th) *** --------------------------------------------- Microsoft has released Windows Management Framework 5.1 for windows 7 and later. WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition.">">"> (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21957&rss *** Hotel zum vierten Mal von Hackern lahmgelegt *** --------------------------------------------- Das Seehotel Jägerwirt auf der Turracher Höhe ist bereits zum vierten Mal von Hackern heimgesucht und erpresst worden. Die elektronischen Zimmerschlüssel wurden lahmgelegt. Daher will man jetzt zu normalen Schlüsseln zurückkehren. --------------------------------------------- http://kaernten.orf.at/news/stories/2821290/ *** Stopping Malware With a Fake Virtual Machine *** --------------------------------------------- As we explained in a previous post, some advanced malware can detect a virtual environment such as a sandbox to avoid detection and analysis. Some threats can also detect monitoring tools used for malware analysis. Often such malware will not execute or change their behavior to appear harmless. Because some malware uses these tactics, planting fake virtual machine artefacts or fake analysis tools on a system... --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/stopping-malware-fake-virtu… *** Wartungsarbeiten Dienstag, 24. 1. 2017 *** --------------------------------------------- Am Dienstag, 24. Jänner 2017, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen. Es gehen dabei keine Daten (zb Emails) verloren, die Bearbeitung kann sich allerdings verzögern. --------------------------------------------- http://www.cert.at/services/blog/20170120104523-1882.html *** The Week in Ransomware - January 20th 2017 - Satan RaaS, Spora, Locky, and More *** --------------------------------------------- This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-janua… *** Sage 2.0 Ransomware, (Sat, Jan 21st) *** --------------------------------------------- Introduction On Friday 2017-01-20, I checked on a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware Id never seen before called Sage. More specifically, it was Sage 2.0." /> Shown above: Its always fun to find ransomawre thats not Cerber or Locky. Sage is yet another family of ransomware in an already crowded field. It was noted on BleepingComputer forums back in December 2016 [1, 2], and Sage is apparently a variant of... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21959&rss *** Symantec schlampt erneut mit TLS-Zertifikaten *** --------------------------------------------- Offenbar haben mehrere von Symantec betriebene Certificate Authorities (CAs) unberechtigterweise über 100 TLS-Zertifikate ausgestellt. Das kann ein Auslesen des Datenverkehrs von HTTPS-geschützten Websites durch Dritte ermöglichen. --------------------------------------------- https://heise.de/-3604190 *** Android permissions and hypocrisy *** --------------------------------------------- I wrote a piece a few days ago about how the Meitu app asked for a bunch of permissions in ways that might concern people, but which were not actually any worse than many other apps. The fact that Android makes it so easy for apps to obtain data thats personally identifiable is of concern, but in the absence of another stable device identifier this is the sort of thing that capitalism is inherently going to end up making use of. Fundamentally, this is Googles problem to fix. --------------------------------------------- http://mjg59.dreamwidth.org/46403.html *** Researchers predict upsurge of Android banking malware *** --------------------------------------------- Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it. In fact, one has already been spotted. Masquerading as a variety of benign apps (e.g. Google Play) on third-party Android app markets, the Trojan - dubbed Android.BankBot.149.origin by Dr. Web researchers - is eminently capable. It can: Send and intercept text messages (including... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/23/upsurge-android-banking-malware/ *** Massive Twitter Botnet Dormant Since 2013 *** --------------------------------------------- Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered. --------------------------------------------- http://threatpost.com/massive-twitter-botnet-dormant-since-2013/123246/ *** Heartbleed: OpenSSL hört nicht auf zu bluten *** --------------------------------------------- Eine Analyse der öffentlich im Internet erreichbaren Systeme zeigt, dass immer noch Hunderttausende für die OpenSSL-Lücke Heartbleed anfällig sind. Die bald drei Jahre alte Lücke findet sich demnach hauptsächlich in Mietservern der Cloud. --------------------------------------------- https://heise.de/-3605222 *** QNAP Storage Devices Firmware Update Flaw Lets Remote Users Access the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037663 *** DSA-3769 libphp-swiftmailer - security update *** --------------------------------------------- Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, amailing solution for PHP, did not correctly validate user input. Thisallowed a remote attacker to execute arbitrary code by passingspecially formatted email addresses in specific email headers. --------------------------------------------- https://www.debian.org/security/2017/dsa-3769 *** DSA-3770 mariadb-10.0 - security update *** --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.29. Please see the MariaDB 10.0 Release Notes for furtherdetails:... --------------------------------------------- https://www.debian.org/security/2017/dsa-3770 *** DFN-CERT-2017-0123: OpenJPEG: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0123/ *** Security Notice - Statement on Flanker Revealing Privilege Elevation Vulnerability in Huawei EMUI Keyguard Application *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170123-01-… *** Vuln: Red Hat JBoss Enterprise Application Platform CVE-2016-8627 Remote Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95698 *** Security Advisories Relating to Symantec Products - Norton Download Manager DLL Loading *** --------------------------------------------- Symantec has released an update to address a DLL loading vulnerability detected in the Norton Download Manager for affected products --------------------------------------------- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s… *** Vuln: Brocade Network Advisor CVE-2016-8204 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95695 *** Vuln: Brocade Network Advisor CVE-2016-8205 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95694 *** Vuln: Brocade Network Advisor CVE-2016-8206 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95692 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction (CVE-2016-5597, CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997219 --------------------------------------------- *** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991280 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099501 --------------------------------------------- *** IBM Security Bulletin: HTTP Response Splitting in WebSphere Application Server affects IBM Virtualization Engine TS7700 (CVE-2016-0359) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009661 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 20-01-2017
by Daily end-of-shift report 20 Jan '17

20 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-01-2017 18:00 − Freitag 20-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Satan: A new ransomware-as-a-service *** --------------------------------------------- Ransomware as a Service (RaaS) has been growing steadily since it made its debut in 2015 with Tox. With the new Satan .. --------------------------------------------- https://www.webroot.com/blog/2017/01/19/satan-new-ransomware-service *** DSA-3767 mysql-5.5 - security update *** --------------------------------------------- Several issues have been discovered in the MySQL database server. Thevulnerabilities are addressed by .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3767 *** Unbreakable Locky ransomware is on the march again *** --------------------------------------------- Necrus botnet wakes up and starts fresh malware-cano Cisco is warning of possible return of a massive ransomware spam .. --------------------------------------------- www.theregister.co.uk/2017/01/20/locky_ransomware_horrorshow_returns/ *** Internetsicherheit 2016: Erpressungstrojaner boomen in Österreich *** --------------------------------------------- Unternehmen verstärkt im Visier von DDOS-Erpressern – Geheimdienste verstärkt tätig --------------------------------------------- http://derstandard.at/2000051229037 *** Angebliche Backdoor: Kryptographen kritisieren Whatsapp-Bericht des Guardian *** --------------------------------------------- Die Diskussion um die angebliche Backdoor in Whatsapp reißt nicht ab. Bekannte Sicherheitsforscher wie .. --------------------------------------------- http://www.golem.de/news/angebliche-backdoor-kryptographen-kritisieren-what… *** Social Engineering: Neue Angriffsmethode richtet sich gegen Firmen *** --------------------------------------------- In den letzten Tagen wurden der Melde- und Analysestelle Informationssicherung MELANI mehrere Fälle gemeldet, bei denen Betrüger Firmen anrufen, sich als .. --------------------------------------------- https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/social-… *** Achtung: Große Anzahl von Netgear-Routern lässt sich über Admin-Interface kapern *** --------------------------------------------- Gleich 30 Router-Modelle von Netgear enthalten eine Schwachstelle, die es Angreifern ermöglicht, die Admin-Passwörter der Geräte auszulesen und diese komplett zu übernehmen. Die Updates des Herstellers sollten umgehend eingespielt werden. --------------------------------------------- https://heise.de/-3603918 *** Wieder Ermittlungen gegen Skidata im Betriebsspionage-Verfahren *** --------------------------------------------- http://derstandard.at/2000051248975 *** ZDI-17-044: Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations .. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-044/ *** ZDI-17-045: Adobe Reader DC XSLT apply-templates Heap-based Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-045/ *** ZDI-17-053: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-053/

1 0

Tageszusammenfassung - Donnerstag 19-01-2017
by Daily end-of-shift report 19 Jan '17

19 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-01-2017 18:00 − Donnerstag 19-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Who is Anna-Senpai, the Mirai Worm Author? *** --------------------------------------------- On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that .. --------------------------------------------- https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-autho… *** Docker Patches Container Escape Vulnerability *** --------------------------------------------- Docker has patched a privilege escalation vulnerability that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container. --------------------------------------------- http://threatpost.com/docker-patches-container-escape-vulnerability/123161/ *** Database Ransom Attacks Hit CouchDB and Hadoop Servers *** --------------------------------------------- For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-… *** Adobes naughty Chrome telemetry code had XSS problem *** --------------------------------------------- Since patched, but a bad look for Adobe when it cant even get snoopware right Adobes pushed out a fix for its already-controversial Chrome telemetry extension after Project Zeros Tavis Ormandy found an .. --------------------------------------------- www.theregister.co.uk/2017/01/19/adobe_telemetry_patch_patched_against_xss/ *** Insecure Hadoop installs next in net scum crosshairs *** --------------------------------------------- Because MongoDB, Elasticsearch ransomware attacks are sooo last week Rinse-and-repeat ransomware attacks on data services left unsecured by dozy sysadmins are now hitting Hadoop instances. --------------------------------------------- www.theregister.co.uk/2017/01/19/insecure_hadoop_installs_under_attack/ *** Ex-Sysadmin fordert 200.000 Dollar für Nennung von Passwort *** --------------------------------------------- US-amerikanisches College wirft ehemaligem Mitarbeiter Erpressung vor --------------------------------------------- http://derstandard.at/2000050946919 *** Apple’s malware problem is accelerating *** --------------------------------------------- For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the .. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/19/apple-malware-problem-accelerati… *** Viren, Spam und Computerausfälle betreffen IT-Sicherheit bei KMU *** --------------------------------------------- Fehlendes Wissen und Angst vor Kosten wichtigste Gründe, warum Situation nicht verbessert wird --------------------------------------------- http://derstandard.at/2000051117771 *** DSA-3766 mapserver - security update *** --------------------------------------------- It was discovered that mapserver, a CGI-based framework for Internetmap services, was vulnerable to a stack-based overflow. This issueallowed a remote user to crash the service, or potentially execute arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3766 *** Google veröffentlicht Riesen-Patch-Paket für Android *** --------------------------------------------- 94 einzelne Lücken, 10 kritische Sicherheitsprobleme; Googles Android Security Bulletin für den Januar hat es in sich. --------------------------------------------- https://heise.de/-3603108 *** Forcepoint: Carbanak nutzt Google-Dienste für Malware-Hosting *** --------------------------------------------- Wer seine Malware auf einem Command-und-Control-Server hostet, läuft Gefahr, von Firewall-Regeln erkannt zu werden. Die Carbanak-Gruppe liefert Kommandos daher über Google-Docs aus. --------------------------------------------- http://www.golem.de/news/forcepoint-carbanak-nutzt-google-dienste-fuer-malw… *** Hackingvorwürfe: "Deutschland stellt Russland als Aggressor dar" *** --------------------------------------------- Russisches Außenamt beschwert sich über deutsche Vorgangsweise: "Keine Beweise vorgelegt" --------------------------------------------- http://derstandard.at/2000051188487 *** Samsung SmartCam-Kameras sind Freiwild für Botnetz-Betreiber *** --------------------------------------------- Forscher haben vor Jahren Lücken in der SmartCam SNH-1011 entdeckt, die von Samsung nur unzureichend geflickt wurden. Nun sind die IP-Kameras erneut angreifbar. --------------------------------------------- https://heise.de/-3603201

1 0

Tageszusammenfassung - Mittwoch 18-01-2017
by Daily end-of-shift report 18 Jan '17

18 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 17-01-2017 18:00 − Mittwoch 18-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Critical Patch Update - January 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html *** vBulletin Malware – When Hackers Compete for Backdoor Control *** --------------------------------------------- A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had .. --------------------------------------------- https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-… *** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH and other third party software vulnerabilities affect NSM Appliance OS. *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS *** Kill it with fire: US-CERT warns admins to dump Server Message Block *** --------------------------------------------- Shadow Brokers may have loosed a zero-day, so youre better safe than sorry The US computer emergency readiness team .. --------------------------------------------- www.theregister.co.uk/2017/01/18/uscert_warns_admins_to_kill_smb_after_shad… *** Do web injections exist for Android? *** --------------------------------------------- Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue .. --------------------------------------------- http://securelist.com/blog/research/77118/do-web-injections-exist-for-andro… *** In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope *** --------------------------------------------- 65 million: the number of times we’ve blocked mobile threats in 2016. By December 2016, the total number of unique samples of malicious Android apps we’ve collected and .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-thre… *** Last call to replace SHA-1 certificates *** --------------------------------------------- http://blog.sec-consult.com/2017/01/last-call-to-replace-sha-1-certificates… *** The Carbanak gang is with a new modus operandi, Google services as C&C *** --------------------------------------------- The infamous Carbanak cybercrime gang is back and is leveraging Google services for command-and-control of its malicious codes. The dreaded Carbanak cybercrime gang is back .. --------------------------------------------- http://securityaffairs.co/wordpress/55427/cyber-crime/carbanak-google-servi… *** Spora Ransomware Offers Victims Unique Payment Options *** --------------------------------------------- Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options. --------------------------------------------- http://threatpost.com/spora-ransomware-offers-victims-unique-payment-option… *** Kritische Lücken in Java & Co: Oracle wirft Riesen-Patchpaket ab *** --------------------------------------------- Das neueste Critical Patch Update von Oracle enthält unter anderem Sicherheitsupdates für Java, MySQL und VirtualBox. Wie immer gibt es Patches für fast alle Produkte des Herstellers. --------------------------------------------- https://heise.de/-3601613 *** Ancient Mac backdoor discovered that targets medical research firms *** --------------------------------------------- More secure than PC? Ha! Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities.… --------------------------------------------- ww.theregister.co.uk/2017/01/18/mac_malware/ *** Uncovering the Inner Workings of EyePyramid *** --------------------------------------------- Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner…

1 0

Tageszusammenfassung - Dienstag 17-01-2017
by Daily end-of-shift report 17 Jan '17

17 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-01-2017 18:00 − Dienstag 17-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Who's winning the cyber war? The squirrels, of course *** --------------------------------------------- CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" can. --------------------------------------------- http://arstechnica.com/information-technology/2017/01/whos-winning-the-cybe… *** Dodgy Dutch developer built backdoors into thousands of sites *** --------------------------------------------- Then hoovered out users personal data, stole identities galore and spent up big Dutch police are this week warning 20,000 users that their email accounts were hacked after .. --------------------------------------------- www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_b… *** [2017-01-17] Cross site scripting in TYPO3 CMS extension "Recommend page" *** --------------------------------------------- The "Recommend page" extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Erpressung ist (immer noch) in! *** --------------------------------------------- Das neue Jahr bringt sicherlich wieder viele technische Neuerungen und (potentiell unsägliche) Trends mit sich. Eines bleibt leider unverändert: Erpressung ist in.Neben DDoS-Drohungen und Ransomware in .. --------------------------------------------- http://www.cert.at/services/blog/20170117104444-1861.html *** CryptoSearch: Tool findet und sammelt von Ransomware verschlüsselte Dateien zur Verwahrung ein *** --------------------------------------------- Wenn ein Erpressungs-Trojaner Daten in seine Gewalt gebracht hat, hoffen Opfer auf ein kostenloses Entschlüsselungstool - wann und ob überhaupt eins kommt, ist aber oft unklar. Ein Windows-Tool sammelt und archiviert bis dahin betroffene Dateien. --------------------------------------------- https://heise.de/-3597757 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of ... --------------------------------------------- https://support.citrix.com/article/CTX219378 *** Free-to-Play: Forum von Clash-of-Clans-Betreiber gehackt *** --------------------------------------------- Erneut ist ein vBulletin-Forum gehackt worden. Betroffen sind vermutlich 1,1 Millionen Nutzer von Supercell-Foren. Der Spielehersteller vertreibt populäre Titel wie Clash of Clans und Clash Royale. --------------------------------------------- http://www.golem.de/news/free2play-forum-von-clash-of-clans-betreiber-gehac… *** The Line of Death *** --------------------------------------------- When building applications that display untrusted content, security designers have a major problems if an attacker has full control of a block of pixels, he can make those pixels look .. --------------------------------------------- https://textslashplain.com/2017/01/14/the-line-of-death/

1 0

Tageszusammenfassung - Montag 16-01-2017
by Daily end-of-shift report 16 Jan '17

16 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-01-2017 18:00 − Montag 16-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Hardening Windows 10 with zero-day exploit mitigations *** --------------------------------------------- Cyber attacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-wi… *** WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs *** --------------------------------------------- According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for .. --------------------------------------------- http://securityaffairs.co/wordpress/55308/breaking-news/wordpress-4-7-1-rel… *** DSA-3764 pdns - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in pdns, an authoritativeDNS server. The Common Vulnerabilities and Exposures project identifiesthe following .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3764 *** DSA-3763 pdns-recursor - security update *** --------------------------------------------- Florian Heinz and Martin Kluge reported that pdns-recursor, a recursiveDNS server, parses all records present in a query regardless of whetherthey are .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3763 *** Backup Files Are Good but Can Be Evil *** --------------------------------------------- Since we started to work with computers, we always heard the following advice: Make backups!. Everytime you have to change something in a file or an application, first make a backup of the existing resources (code, configuration files, data). But, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21935 *** Compliance: Deutsche Bank verbannt Whatsapp und SMS von Diensthandys *** --------------------------------------------- Mitarbeiter der Deutschen Bank können künftig nicht mehr untereinander per Whatsapp oder SMS kommunizieren. Die Apps sollen von den Geräten der Mitarbeiter entfernt werden - weil es die Behörden so wollen. --------------------------------------------- http://www.golem.de/news/compliance-deutsche-bank-verbannt-whatsapp-und-sms… *** DSA-3765 icoutils - security update *** --------------------------------------------- Several programming errors in the wrestool tool of icoutils, a suiteof tools to create and extract MS Windows icons and .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3765 *** Rätselraten um NSA-Waffenhändler "Shadow Brokers" *** --------------------------------------------- Hacker- Gruppe kündigte Rückzug an – lauter werdende Gerüchte um Verbindungen nach Russland --------------------------------------------- http://derstandard.at/2000050751646 *** Datendiebstahl bei den iPhone-Hackern Cellebrite *** --------------------------------------------- Die Firma, die die Verschlüsselung des iPhones für das FBI geknackt haben soll, wurde Opfer eines Datendiebstahls. 900 GB an Daten sind gestohlen worden. --------------------------------------------- https://futurezone.at/digital-life/datendiebstahl-bei-den-iphone-hackern-ce… *** Cyberangriffe zu deutschem Wahlkampf befürchtet: Abwehrzentrum geplant *** --------------------------------------------- Bundestagspräsident: "Was technisch möglich ist, findet auch statt" --------------------------------------------- http://derstandard.at/2000050779644 *** Google reveals its servers all contain custom security silicon *** --------------------------------------------- Even the servers it colocates (!) says new docu revealing Alphabet subs security secrets Google has published a Infrastructure Security Design Overview that explains how it secures .. --------------------------------------------- www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_cus… *** Blackberry DTEK60 im (Sicherheits-)Test: Sicher, weil isso! *** --------------------------------------------- Blackberry will die Quadratur des Kreises schaffen: ein sicheres Android-Smartphone. Leider stellt der Hersteller wenig Informationen bereit und verwirrt Nutzer teils unnötig. --------------------------------------------- http://www.golem.de/news/blackberry-60-im-sicherheits-test-sicher-weil-isso… *** New Gmail phishing technique fools even tech-savvy users *** --------------------------------------------- An effective new phishing attack is hitting Gmail users and tricking many into inputing their Gmail credentials into a fake login page. How the attack unfolds The phishers start by compromising a Gmail account, then they rifle through the emails .. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/16/new-gmail-phishing-attack-fools-… *** 35 Jahre C64: Die Geburtsstunde der "Cracker" und Kopierer *** --------------------------------------------- In den 1980er-Jahren war es in Österreich vergleichsweise schwer, überhaupt Software zu kaufen --------------------------------------------- http://derstandard.at/2000049895466 *** Cartapping: Autos werden seit 15 Jahren digital verwanzt *** --------------------------------------------- Um den Standort eines Autos zu überwachen, muss längst keine GPS-Wanze mehr angebracht werden. In den USA wird das offenbar schon lange mithilfe der intelligenten Navigations- und Bordsysteme praktiziert. --------------------------------------------- http://www.golem.de/news/cartapping-autos-werden-seit-15-jahren-digital-ver… *** We reverse engineered 16k apps, here’s what we found *** --------------------------------------------- In Nov’16, we created an online tool to reverse engineer any android app to look for secrets. This tool was built because of an internal need — we were constantly required to reverse .. --------------------------------------------- https://medium.com/@mkagenius/afdccb592b81 *** Mailserver Dovecot: erfolgreiches Sicherheits-Audit *** --------------------------------------------- Als weitestgehend sicher stuft das Berliner IT-Sicherheitsunternehmen Cure53 den Mailserver Dovecot ein. In Auftrag gegeben hatte diese Untersuchung die Mozilla Foundation. --------------------------------------------- https://heise.de/-3596977

1 0

Tageszusammenfassung - Freitag 13-01-2017
by Daily end-of-shift report 13 Jan '17

13 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-01-2017 18:00 − Freitag 13-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Critical Patch Update - January 2017 - Pre-Release Announcement *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html *** EMET 5.52 update is now available *** --------------------------------------------- EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to... --------------------------------------------- https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-… *** Marlboro Ransomware Defeated in One Day *** --------------------------------------------- A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated… *** Angriffe auf VoIP-Gateways von beroNet, Patch sorgt für Sicherheit *** --------------------------------------------- Angreifer entdeckten eine Schwachstelle in den VoIP-Gateways des Berliner Herstellers beroNet und nutzen diese seit kurzem aus, um die Rechnungen ihrer Opfer in die Höhe zu treiben. Ein Patch des Herstellers stopft das Sicherheitsloch. --------------------------------------------- https://heise.de/-3594737 *** November-December 2016 *** --------------------------------------------- The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months --------------------------------------------- https://ics-cert.us-cert.gov/monitors/ICS-MM201612 *** Wie sich Banken vor Cyberangriffen schützen *** --------------------------------------------- Olaf Schwarz, Information Security Officer bei der Direktbank ING DiBa Austria über Cyberangriffe auf Banken, Ransomware und Sicherheitsschulungen für Mitarbeiter. --------------------------------------------- https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schue… *** Whos Attacking Me?, (Fri, Jan 13th) *** --------------------------------------------- I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. Its a network reconnaissance framework that includes: Passive recon features (via flow analysis coming from Bro or Nfdump Fingerprinting analysis Active recon (via Nmapor Zmap) Import tools (from Nmap or Masscan) I deployed this tool and feed it with... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21933&rss *** MongoDB Hijackers Move on to ElasticSearch Servers *** --------------------------------------------- After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to… *** Schlüsselaustausch: Aufregung um angebliche Whatsapp-Backdoor *** --------------------------------------------- Hat Whatsapp eine Backdoor? Das behaupten zumindest ein Sicherheitsforscher und der Guardian. Tatsächlich könnte es auch eine weniger spektakuläre Erklärung geben. --------------------------------------------- http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsa… *** Ploutus ATM Malware: Press F3 for Money *** --------------------------------------------- Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3… *** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware *** --------------------------------------------- Cybersecurity experts obsessively repeat two types of advice: Use stronger passwords. Update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure... --------------------------------------------- https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated… *** DSA-3761 rabbitmq-server - security update *** --------------------------------------------- It was discovered that RabbitMQ, an implementation of the AMQPprotocol, didnt correctly validate MQTT (MQ Telemetry Transport)connection authentication. This allowed anyone to login to an existinguser account without having to provide a password. --------------------------------------------- https://www.debian.org/security/2017/dsa-3761 *** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95412 *** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95417 *** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information *** --------------------------------------------- A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE SiteScope resulting in remote disclosure of information, also known as the SWEET32 attack. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403 *** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95423 *** Security Advisory: BIND vulnerability CVE-2016-9147 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?… *** Security Advisory: BIND vulnerability CVE-2016-9131 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?… *** Security Advisory: BIND vulnerability CVE-2016-9444 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?… *** PowerDNS Security Fixes *** --------------------------------------------- PowerDNS Recursor 4.0.4 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.ht… --------------------------------------------- PowerDNS Recursor 3.7.4 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.ht… --------------------------------------------- PowerDNS Authoritative Server 4.0.2 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.ht… --------------------------------------------- PowerDNS Authoritative Server 3.4.11 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.ht… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology *** https://www.ibm.com/support/docview.wss?uid=swg21997084 --------------------------------------------- *** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool. (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21997055 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. *** http://www.ibm.com/support/docview.wss?uid=swg21994499 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. *** http://www.ibm.com/support/docview.wss?uid=swg21997063 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996950 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996968 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997156 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 12-01-2017
by Daily end-of-shift report 12 Jan '17

12 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-01-2017 18:00 − Donnerstag 12-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Personalisierte card complete-Phishingmail *** --------------------------------------------- Eine personalisierte cardcomplete-Phishingmail, die EmpfÄnger/innen direkt beim Namen benennt, ist im Umlauf. In dieser behaupten Kriminelle, dass es zu verdÄchtigen Transaktionen gekommen sei, weshalb Kund/innen sich auf einer Website legitimieren sollen. Es handelt sich um einen Versuch, mit dem Kriminelle an fremde Kreditkartendaten gelangen wollen. --------------------------------------------- https://www.watchlist-internet.at/phishing/personalisierte-card-complete-ph… *** The Most Dangerous User Right You (Probably) Have Never Heard Of *** --------------------------------------------- One user right I overlooked, until Ben Campbell's post on constrained delegation, was SeEnableDelegationPrivilege. This right governs whether a user account can "Enable computer and user accounts to be trusted for delegation." Part of the reason I overlooked it is stated right in the documentation:... --------------------------------------------- http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-y… *** Sicherheitsloch im Herzschrittmacher *** --------------------------------------------- Ein Firmware-Update soll Patienten mit Herzschrittmachern oder implantierten Defibrillatoren davor schützen, dass Hacker die Kontrolle über die Geräte übernehmen. Es gibt jedoch Zweifel daran, dass die Geräte nach dem Update sicher sind. --------------------------------------------- https://heise.de/-3593932 *** Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension *** --------------------------------------------- An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the users Chrome browser. There is no mention of this "special package" on Acrobats changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page theyre on as a PDF file and share... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/s_zCwl6BNOY/latest-adobe-ac… *** Some tools updates, (Thu, Jan 12th) *** --------------------------------------------- A coupleof tools were updated and release today. Network Miner was updated. Version 2.1 is not available for download. Network Miner is packet sniffer/analyzer focused on extracting application layer forensic artifacts. The update adds new protocols and enhances email reassembly options. http://www.netresec.com/?page=Blogmonth=2017-01post=NetworkMiner-2-1-Releas… BlackhillsInformation Security released a Powershellversion of theDNSCAT2client. DNSCAT2 is a popular command and control tool... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21925&rss *** System Resource Utilization Monitor, (Thu, Jan 12th) *** --------------------------------------------- The attackers have come and gone and youare left behind to clean up the mess. You arrive on site to figure out how the bad guysgot in, what they took and how badly it will affect the customer. But, the customer doesnt syslog the firewall logs, so youare limited to the three days of logs that are held in thefirewalls memory. The Windows Event logs on most of the systems roll over every 5 minutes, and there is no centralized long term logging. There is no IDS. There is no full packet capture. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21927&rss *** Hintergrund: Open Bug Bounty: Sicherheitslücken gegen Prämie *** --------------------------------------------- heise Security machte nicht ganz freiwillig Bekanntschaft mit einer bisher weitgehend unbekannten Plattform, auf der Hacker und andere Forscher Sicherheitslücken melden können. --------------------------------------------- https://heise.de/-3593886 *** Ansible: Update soll kritischen Fehler in den 2.x-Versionen beheben *** --------------------------------------------- Da die Schwachstelle als hohes Risiko eingestuft wird, haben die Macher Release Candidates der Versionen 2.1.4 und 2.2.1 veröffentlicht, die den Fehler beheben. --------------------------------------------- https://heise.de/-3594254 *** Rent an IP, Own a Domain *** --------------------------------------------- The other day I was on a mission to locate a contact of mine that lived nearby. I had an address, but no phone, or email address. So I got the GPS out, programmed in the address, and away I went. Arriving at the location, I turned into the driveway, and it was an apartment... --------------------------------------------- https://blog.domaintools.com/2017/01/rent-an-ip-own-a-domain/ *** WordPress 4.7.1 Security and Maintenance Release *** --------------------------------------------- This is a security release for all previous versions and we strongly encourage you to update your sites immediately. --------------------------------------------- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance… *** Bugtraq: ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) *** --------------------------------------------- http://www.securityfocus.com/archive/1/540011 *** Vuln: libgit2 badssl.c Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95354 *** Bugtraq: IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced *** --------------------------------------------- http://www.securityfocus.com/archive/1/540003 *** Vuln: Zimbra CVE-2016-3403 Multiple Cross Site Request Forgery Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95383 *** NetIQ Privileged Account Manager 3.0.1 HF3 (3.0.1-3) *** --------------------------------------------- Abstract: NetIQ Privileged Account Manager 3.0.1 Hot Fix 3 (3.0.1.3). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release addresses does not contain new features.Document ID: 5267862Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:netiq-npam-packages-3.0.1-3.tar.gz (175.63 MB)Products:Privileged Account Manager 3.0.1Superceded Patches:NetIQ Privileged Account Manager 3.0.1 HF 1NetIQ Privileged --------------------------------------------- https://download.novell.com/Download?buildid=Ciuap7psZuo~ *** DFN-CERT-2017-0054: ISC BIND: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0054/ *** Vuln: SAP NetWeaver XML External Entity Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95373 *** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95367 *** Juniper Security Advisories *** --------------------------------------------- *** JSA10772 - 2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303) *** http://kb.juniper.net/index?page=content&id=JSA10772&actp=RSS --------------------------------------------- *** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH vulnerabilities affect NSM Appliance OS. *** http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS --------------------------------------------- *** JSA10773 - 2017-01 Security Bulletin: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600: Etherleak memory disclosure in Ethernet padding data (CVE-2017-2304) *** http://kb.juniper.net/index?page=content&id=JSA10773&actp=RSS --------------------------------------------- *** JSA10771 - 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302) *** http://kb.juniper.net/index?page=content&id=JSA10771&actp=RSS --------------------------------------------- *** JSA10770 - 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16.1R1 release. *** http://kb.juniper.net/index?page=content&id=JSA10770&actp=RSS --------------------------------------------- *** JSA10769 - 2017-01 Security Bulletin: Junos: Denial of service vulnerability in jdhcpd due to crafted DHCPv6 packets (CVE-2017-2301) *** http://kb.juniper.net/index?page=content&id=JSA10769&actp=RSS --------------------------------------------- *** JSA10768 - 2017-01 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted multicast packets (CVE-2017-2300) *** http://kb.juniper.net/index?page=content&id=JSA10768&actp=RSS --------------------------------------------- *** IBM Security Bulletin *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) IBM Java SDK updates October 2016 *** http://www-01.ibm.com/support/docview.wss?uid=swg21995972 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics *** http://www-01.ibm.com/support/docview.wss?uid=swg21995049 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994521 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LMS 6.0 on Cloud *** http://www.ibm.com/support/docview.wss?uid=swg21992072 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 11-01-2017
by Daily end-of-shift report 11 Jan '17

11 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-01-2017 18:00 − Mittwoch 11-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** How to secure MongoDB - because it isnt by default and thousands of DBs are being hacked *** --------------------------------------------- Stop right now and make sure youve configured it correctly The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/mongodb_ran… *** Phishing per Autofill: Chrome, Safari, Opera und Erweiterungen wie LastPass angreifbar *** --------------------------------------------- Chromium-basierte Browser, Safari und beliebte Erweiterungen wie der Passwortmanager LastPass lassen sich austricksen, um mehr über den Nutzer preiszugeben, als dieser ahnt. --------------------------------------------- https://heise.de/-3593811 *** Injection of Unwanted Google AdSense Ads *** --------------------------------------------- During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It's not uncommon to see adult ads since networks that work with the porn industry usually allow a higher level of anonymity and have less strict guidelines (if any) on the quality... --------------------------------------------- https://blog.sucuri.net/2017/01/injection-unwanted-google-adsense-ads.html *** Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet *** --------------------------------------------- A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomwares most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated weve seen from ransomware authors as of yet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offli… *** Juniper warns: Borked upgrade opens root on firewalls *** --------------------------------------------- Turn it off and turn it back on again. No, really Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/juniper_war… *** Hancitor/Pony/Vawtrak malspam, (Wed, Jan 11th) *** --------------------------------------------- Introduction Until recently, I hadnt personally seen much malicious spam (malspam) using Microsoft office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, Ill find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. At least until yesterday. This diary describes a recent wave of Hancitor/Pony/Vawtrak... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21919&rss *** MS17-JAN - Microsoft Security Bulletin Summary for January 2017 - Version: 1.1 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS17-JAN *** Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539992 http://www.securityfocus.com/archive/1/539993 http://www.securityfocus.com/archive/1/539995 *** Vuln: Ansible CVE-2016-9587 Arbitrary Command Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95352 *** VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates *** --------------------------------------------- Vulnerability Note VU#767208 ThreatMetrix SDK for iOS fails to validate SSL certificates Original Release date: 10 Jan 2017 | Last revised: 10 Jan 2017 Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity... --------------------------------------------- http://www.kb.cert.org/vuls/id/767208 *** DFN-CERT-2017-0041: BlackBerry Enterprise Server: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0041/ *** BSRT-2017-003 Vulnerability in WatchDox Server components impacts WatchDox by BlackBerry *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038915 *** DFN-CERT-2017-0045: WebKitGTK+: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0045/ *** GnuTLS Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037576 *** DFN-CERT-2017-0047: GnuTLS: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0047/ *** Vuln: PHP CVE-2017-5340 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95371 *** Bugtraq: Bit Defender #39 - Auth Token Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539999 *** Vuln: Computer Associates Service Desk Manager CVE-2016-10086 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95366 *** Security Advisory - DoS Vulnerability in Multiple Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-… *** Security Advisory - Camera DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-… *** Security Notice - Statement on SaifAllah BenMassaoud Revealing CSRF Security Vulnerability in Huawei B660 Routers *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170111-01-… *** Vuln: SAP Products *** --------------------------------------------- *** Vuln: SAP Single Sign On Denial of Service Vulnerability *** http://www.securityfocus.com/bid/95363 --------------------------------------------- *** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/95362 http://www.securityfocus.com/bid/95365 --------------------------------------------- *** Vuln: SAP NetWeaver AS JAVA getUserUddiElements SQL Injection Vulnerability *** http://www.securityfocus.com/bid/95364 --------------------------------------------- *** Vuln: SAP NetWeaver Application Server Java Portal App Component Cross Site Scripting Vulnerability *** http://www.securityfocus.com/bid/95368 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994471 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21995685 --------------------------------------------- *** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5881) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995122 --------------------------------------------- *** IBM Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009328 --------------------------------------------- *** IBM Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009593 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 10-01-2017
by Daily end-of-shift report 10 Jan '17

10 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-01-2017 18:00 − Dienstag 10-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Adobe Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1438 https://helpx.adobe.com/security/products/acrobat/apsb17-01.html https://helpx.adobe.com/security/products/flash-player/apsb17-02.html *** Rätselhafte Netzwerk-Aktivitäten mit GRE-Paketen *** --------------------------------------------- Aufmerksame Admins verzeichnen aktuell auf ihren VPN-Gateways und Firewalls eine Zunahme von scheinbar sinnlosen GRE-Paketen. Die Ursache ist bislang unklar. --------------------------------------------- https://heise.de/-3592231 *** Krebs's Immutable Truths About Data Breaches *** --------------------------------------------- Ive had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction. --------------------------------------------- https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-brea… *** Terror Exploit Kit? More like Error Exploit Kit *** --------------------------------------------- Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-lik… *** Über 1000 deutsche Online-Shops infiziert und angezapft *** --------------------------------------------- Bei über tausend deutschen Online-Shops ziehen Kriminelle jetzt gerade Kundendaten und Zahlungsinformationen ab - und das zum Teil schon seit Monaten. Laut BSI ignorieren viele Shop-Betreiber das Problem. --------------------------------------------- https://heise.de/-3592281 *** Datenklau an Geldautomaten steigt an, Schaden sinkt *** --------------------------------------------- Datendiebe haben an Geldautomaten in Deutschland wieder häufiger zugeschlagen. Trotz moderner Technik verursacht Skimming nach wie vor Millionenschäden. An anderer Stelle allerdings sind Bankkunden noch mehr gefährdet. --------------------------------------------- https://heise.de/-3592571 *** A Review of Cryptography - Part 1 *** --------------------------------------------- Overview of Last Articles Our last few articles have dealt with the science and technology of Biometrics. To review, it is merely the Verification and/or Identification of an individual based on their unique physiological traits or even behavioral mannerisms. This is probably one of the best forms of Security technology to use because it is... --------------------------------------------- http://resources.infosecinstitute.com/a-review-of-cryptography-part-1/ *** Two New Edge Exploits Integrated into Sundown Exploit Kit *** --------------------------------------------- Two recently published proof-of-concept exploits targeted Microsoft Edge were recently integrated into the Sundown Exploit Kit. --------------------------------------------- http://threatpost.com/two-new-edge-exploits-integrated-into-sundown-exploit… *** Port 37777 "MapTable" Requests, (Tue, Jan 10th) *** --------------------------------------------- Thanks to Born for noticing an increase in %%port:37777%% TCP traffic. He wrote a blog with some of the payloads he found, and after he notified us, I was able to confirm his observations in our honeypot [1]. First 32 bytes of the payload: c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 c. o. n. f. i. g 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP, ServiceName : HTTP }, { Enable : 1, InnerPort : 37777, OuterPort :... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21913&rss *** Vuln: DLink DGS-1100 Switch CVE-2016-10125 Local Hardcoded SSL Certificate Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95329 *** St. Jude Merlin@home Transmitter Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a channel accessible by non-endpoint vulnerability in St. Jude Medical's Merlin@home transmitter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01 *** Intel Ethernet Controller X710/XL710 NVM Security Vulnerability *** --------------------------------------------- A security vulnerability in the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05. --------------------------------------------- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&lang… *** DFN-CERT-2017-0034: Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0034/ *** Moodle 3.2.1 release notes *** --------------------------------------------- A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. --------------------------------------------- https://docs.moodle.org/dev/Moodle_3.2.1_release_notes *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993856 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986) *** http://www.ibm.com/support/docview.wss?uid=swg21996503 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995206 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995198 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378) *** http://www.ibm.com/support/docview.wss?uid=swg21996502 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SnapDrive for Windows may Result in Disclosure of Sensitive Information （CVE-2015-8544） *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009256 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 9-01-2017
by Daily end-of-shift report 09 Jan '17

09 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 05-01-2017 18:00 − Montag 09-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-01) *** --------------------------------------------- A prenotification Security Advisory (APSB17-01) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, January 10, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the... --------------------------------------------- https://blogs.adobe.com/psirt/?p=1434 *** Great Misadventures of Security Vendors: Absurd Sandboxing Edition, (Fri, Jan 6th) *** --------------------------------------------- Like many security researchers, I employ a variety of OPSEC techniques to help detect if I have been targeted by something for whatever reason. One of those techniques I use in Virustotal is basically a vanity Yara rule that looks for a variety of strings that would indicate malware was specifically targeting me or some data was uploaded that references me. Virustotal Intelligence is a useful too for doing that and many researchers have paid for access which allows you to also download samples... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21895&rss *** Using Security Tools to Compromize a Network, (Sat, Jan 7th) *** --------------------------------------------- One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this use security tools (linked to processes). With the time, we are all building our personal toolbox with our favourite tools.Yesterday, I read an interesting blog article about extracting saved credentials from a compromised Nessus system[1]. This in indeed a nice target forthe bad guy! Why? Such security tools deployed inside a network have interesting characteristics: They have... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21903&rss *** Erpressertrojaner griffen kürzlich mehr als 10.000 Datenbanken an *** --------------------------------------------- Schwachstellen bei MongoDB ausgenutzt, Sicherheitsforscher sprechen von Angriffswelle --------------------------------------------- http://derstandard.at/2000050382671 *** Sicherheitsupdates: LibVNCServer gegen Speicherfehler gerüstet *** --------------------------------------------- Seit über zwei Jahren hat die Programmbibliothek keine Updates spendiert bekommen. Nun schließen die Entwickler zwei Schwachstellen. --------------------------------------------- https://heise.de/-3591417 *** 11 Steps to Improve Your Public Wi-Fi Security [Updated] *** --------------------------------------------- A day without Wi-Fi is a day not fully lived. We're (somewhat) exaggerating, but it's fair to say Wi-Fi has become a staple of the modern life. --------------------------------------------- https://heimdalsecurity.com/blog/11-security-steps-public-wi-fi-networks/ *** SWIFT speaks on fraudulent messages and the security moves the cooperative is making to assist its customers *** --------------------------------------------- The February 2016 attack on Bangladesh Bank which involved the sending of fraudulent SWIFT messages from the bank's environment, was followed by a number of other attacks on banks using the SWIFT network. The criminal hackers' intention is to compromise the banks' environments in order to gain their SWIFT credentials, send fraudulent messages and route payments to themselves. Since that time, the SWIFT cooperative has instituted measures ultimately designed to help their... --------------------------------------------- http://www.cio.com/article/3155253/security/swift-speaks-on-fraudulent-mess… *** FTC Takes D-Link to Court Because of Insecure Routers and Cameras *** --------------------------------------------- The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/ftc-takes-d-link-to-court-be… *** WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs *** --------------------------------------------- Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento… *** DFN-CERT-2017-0027: OpenSSL: Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- Eine Schwachstelle in OpenSSL sowie den Derivaten wie z.B. LibreSSL und BoringSSL ermöglicht einem lokalen, nicht authentisierten Angreifer das Ausspähen von privatem Schlüsselmaterial. Die Entwickler von OpenSSL stellen bislang noch keine Sicherheitsupdates zur Verfügung. OpenBSD stellt Source Code Patches für die Versionen OpenBSD 5.9 und 6.0 als Sicherheitsupdates bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0027/ *** NETGEAR ProSAFE Firewall Bug Lets Remote Users Traverse the Directory to View Files on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037548 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available *** http://www-01.ibm.com/support/docview.wss?uid=swg21996761 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime and Apache Tomcat affects IBM RLKS Administration and Reporting Tool Admin (CVE-2016-5597, CVE-2016-3092) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995448 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009699 --------------------------------------------- *** IBM Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995257 --------------------------------------------- *** IBM Security Bulletin: IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability (CVE-2016-8999) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995155 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21995687 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor *** http://www-01.ibm.com/support/docview.wss?uid=swg21995758 --------------------------------------------- *** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. *** http://www-01.ibm.com/support/docview.wss?uid=swg21995691 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329) *** http://www.ibm.com/support/docview.wss?uid=swg21993665 --------------------------------------------- *** IBM Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024708 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 5-01-2017
by Daily end-of-shift report 05 Jan '17

05 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 04-01-2017 18:00 − Donnerstag 05-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** E-Banking-Trojaner: Über 100.000 Euro Schaden *** --------------------------------------------- Eine E-Banking-Schadsoftware hat bei einer Netzwerktechnikfirma in der Stadt Salzburg über 100.000 Euro Schaden angerichtet. Mehrere Überweisungen wurden auf ein slowakisches Konto umgeleitet. --------------------------------------------- http://salzburg.orf.at/news/stories/2818225/ *** Microsoft kills off security bulletins - for good *** --------------------------------------------- Microsoft's last ever security bulletin is next week - so has the manual bulletin had its day? --------------------------------------------- https://www.htbridge.com/blog/microsoft-kills-off-security-bulletins-for-go… *** VB2016 paper: Open Source Malware Lab *** --------------------------------------------- At VB2016, ThreatConnect Director of Research Innovation Robert Simmons presented a paper on setting up an open source malware lab. Today, we share the accompanying paper and video. --------------------------------------------- https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware… *** What Hack? Burlington Electric Speaks Out *** --------------------------------------------- Burlington Electric Department general manager Neale Lunderville speaks out about last weeks incident and response to reports the electric grid had been hacked. --------------------------------------------- http://threatpost.com/what-hack-burlington-electric-speaks-out/122860/ *** Hackers could turn your smart meter into a bomb and blow your family to smithereens - new claim *** --------------------------------------------- And before that, pwn your IoT gadgets via power supply gear Smart meters are "dangerously insecure," according to researcher Netanel Rubin - who claimed the gear uses weak encryption, relies on easily pwned protocols, and can be programmed to explode. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/04/smart_metre… *** FireCrypt Ransomware Comes With a DDoS Component *** --------------------------------------------- A new ransomware family named FireCrypt will encrypt the users files, but also attempt to launch a very feeble DDoS attack on a URL hardcoded in its source code. --------------------------------------------- https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-w… *** Emsisoft releases a decryptor for version 3 of the Globe Ransomware *** --------------------------------------------- Fabian Wosar of Emisoft has released a decrypter for version 3 of the Globe Ransomware. This decryptor will decrypt the Globe Ransomware variants that commonly append the .decrypt2017 and .hnumkhotep extensions to encrypted files. --------------------------------------------- https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decrypto… *** Mixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong, (Wed, Jan 4th) *** --------------------------------------------- A writer wrote in to send us an interesting phishing attempt they had received at their organization. An email from a school domain that purported to be VetMeds send an encrypted PDF that required a user-name and password to log in to. The subject of the email was Assessment document. The PDF itself was created with Microsoft Word and included a link that suggested it was a locked document and you needed to click a link to unlock it which pointed to chai[.]myjino[.]ru and gave a screen with a... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21881&rss *** KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption *** --------------------------------------------- Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies by randomly deleting data and altering files. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/killdisk-ransomware-now-targ… *** [R1] Nessus 6.9.3 Fixes One Vulnerability *** --------------------------------------------- Tenable Nessus was found to be impacted by an authenticated stored cross-site scripting (XSS) issue. --------------------------------------------- https://www.tenable.com/security/tns-2017-01 *** HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution *** --------------------------------------------- A potential security vulnerability has been identified in HPE Operations Orchestration. The vulnerability could be remotely exploited to allow remote code execution. --------------------------------------------- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944 *** Google Nexus Qualcomm GPU Driver CVE-2016-8434 Privilege Escalation Vulnerability *** --------------------------------------------- Google Nexus is prone to a privilege-escalation vulnerability. Attackers can exploit this issue to execute arbitrary code with elevated privileges within the context of the kernel. --------------------------------------------- http://www.securityfocus.com/bid/95257 *** Atlassian Confluence 5.9.12 Cross Site Scripting *** --------------------------------------------- Topic: Atlassian Confluence 5.9.12 Cross Site Scripting Risk: Low Text: ==[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ] == Persisted Cross-Site Scripting (XSS) in Confluence J... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017010029 *** ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle *** --------------------------------------------- Topic: ShoreTel Mobility Client iOS 9.1.2.101 SSL Man-In-The-Middle Risk: Medium Text:ShoreTel Mobility Client iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6562) Overview "The Mobility Clie... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017010028 *** Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-002Project: Doubleclick for Publishers (DFP) (third-party module)Version: 7.xDate: 2017-January-04Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:AllVulnerability: Cross Site ScriptingDescriptionThis module enables you to to place advertisements on your site that are served by Googles DFP (Doubleclick for Publisher) service.The module has multiple Cross Site Scripting (XSS) vulnerabilities due to not sufficiently... --------------------------------------------- https://www.drupal.org/node/2841114 *** Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-001Project: Permissions by Term (third-party module)Version: 8.xDate: 2017-January-04Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypass, Information DisclosureDescriptionThe Permissions by Term module extends Drupal functionality by restricting access to single nodes via taxonomy terms. Taxonomy terms are part of the Drupal core functionality. Taxonomy term permissions can be coupled to specific... --------------------------------------------- https://www.drupal.org/node/2841094 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in HTTP request processing affects IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-8977) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995014 --------------------------------------------- *** IBM Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 Includes Oracle Oct 2016 CPU affect Content Collector for Email *** https://www-01.ibm.com/support/docview.wss?uid=swg21995468 --------------------------------------------- *** IBM Security Bulletin: vCenter password disclosure via application tracing in IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments:Data Protection for VMware (CVE-2016-6110) *** http://www.ibm.com/support/docview.wss?uid=swg21996198 --------------------------------------------- *** IBM Security Bulletin:Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge *** http://www-01.ibm.com/support/docview.wss?uid=swg21995528 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099526 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099528 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Common Reporting (TCR) 2016Q4 Security Updater : TCR is affected by multiple vulnerabilities. *** http://www-01.ibm.com/support/docview.wss?uid=swg21996032 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in DHCP affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099529 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in GNU C Library affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099524 --------------------------------------------- *** IBM Security Bulletin: Apache Xerces-C vulnerabilities affects IBM Cloud Manager with OpenStack (CVE-2016-4463) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024585 --------------------------------------------- Next End-of-Shift report: 2017-01-09

1 0

Tageszusammenfassung - Mittwoch 4-01-2017
by Daily end-of-shift report 04 Jan '17

04 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 03-01-2017 18:00 − Mittwoch 04-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Technical details on the Fancy Bear Android malware (poprd30.apk) *** --------------------------------------------- Background Recently, Crowdstrike has published details about a malicious Android APK file, named poprd30.apk or Попр-Д30.apk. It seems that the malware was created by the Fancy Bear group for tracking Ukrainian field .. --------------------------------------------- http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-m… *** Remote Code Execution in third party library swiftmailer *** --------------------------------------------- https://typo3.org/news/article/remote-code-execution-in-third-party-library… *** Real World FSociety Malware Is Giving Mr. Robot a Bad Name *** --------------------------------------------- In the past few weeks, more or less talented malware authors have resorted to naming their newly launched threats using the "FSociety" brand, made famous by the Mr. Robot TV series. --------------------------------------------- https://www.bleepingcomputer.com/news/security/real-world-fsociety-malware-… *** Microsoft to Add Bitcoin Support to Excel Later This Year *** --------------------------------------------- https://www.bleepingcomputer.com/news/software/microsoft-to-add-bitcoin-sup… *** Campaign Evolution: pseudo-Darkleech in 2016 *** --------------------------------------------- Darkleech is long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of .. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2016/12/unit42-campaign-evolutio… *** The Download on the DNC Hack *** --------------------------------------------- Over the past few weeks, Ive been inundated with questions from readers asking why I havent written much about two stories that have consumed the news media of late: The alleged .. --------------------------------------------- https://krebsonsecurity.com/2017/01/the-download-on-the-dnc-hack/ *** l+f: Russische Hacker aus der postapokalyptischen Strahlenwüste *** --------------------------------------------- https://heise.de/-3587018 *** Eindringling nimmt offenbar MongoDB-Datenbanken als Geisel *** --------------------------------------------- Ein unbekannter Angreifer soll ungeschützte MongoDB-Datenbanken leeren und den Eigentümern eine Erpresser-Botschaft hinterlassen. --------------------------------------------- https://heise.de/-3587479 *** Sicherheitslücke: Kaspersky schlampt bei TLS-Zertifikatsprüfung *** --------------------------------------------- Die Antivirensoftware von Kaspersky liest bei TLS-Verbindungen mit und sorgt nebenbei dafür, dass die Zertifikatsprüfung ausgehebelt wird. Wieder einmal konnte Tavis Ormandy von Google damit zeigen, wie löchrig sogenannte Sicherheitssoftware ist. --------------------------------------------- http://www.golem.de/news/sicherheitsluecke-kaspersky-schlampt-bei-tls-zerti… *** Gefälschte Erste Bank/Sparkasse-Mail: Bestätigung erforderlich *** --------------------------------------------- Mit einer gefälschten Erste Bank/Sparkasse-Nachricht wollen Kriminelle OnlineBanking-Zugangsdaten von Kund/innen stehlen. Damit sie das Ziel erreichen, behaupten sie in dem .. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-erste-banksparkasse-… *** Programmiersprachen: Sicheres NTP könnte von C auf Rust oder Go wechseln *** --------------------------------------------- Mit NTPsec erstellt ein Team um den Open-Source-Pionier Eric S. Raymond eine sichere Implementierung für NTP. Das Team überlegt, sich komplett von dem C-Code zu trennen und stattdessen eine sichere Programmiersprache wie Rust oder Go zu verwenden. --------------------------------------------- http://www.golem.de/news/programmiersprachen-sicheres-ntp-koennte-von-c-auf… *** BlackBerry, Google und LG patchen unter anderem abermals kritische Stagefright-Lücke *** --------------------------------------------- Bereits seit Juni 2015 kämpft Google gegen kritische Schwachstellen in Multimedia-Komponenten von Android. Der alleinige Empfang einer MMS kann ein Gerät schachmatt setzen. Nun liefern verschiedene Hersteller erneut Sicherheitsupdates. --------------------------------------------- https://heise.de/-3587867

1 0

Tageszusammenfassung - Dienstag 3-01-2017
by Daily end-of-shift report 03 Jan '17

03 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 02-01-2017 18:00 − Dienstag 03-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Aus der Filterbubble #33c3 zurück in die Realität *** --------------------------------------------- Der 33. Chaos Communication Congress war mein erster. Was mich am meisten beeindruckt hat. Und wie es ist, wieder im Alltag anzukommen. --------------------------------------------- https://futurezone.at/myfuzo/blog/aus-der-filterbubble-33c3-zurueck-in-die-… *** Mac Malware of 2016 *** --------------------------------------------- Lets analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, feature, and disinfection for each. --------------------------------------------- https://objective-see.com/blog/blog_0x16.html *** Website Malware Targets Mobile Platforms *** --------------------------------------------- Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility .. --------------------------------------------- https://blog.sucuri.net/2017/01/website-malware-targets-mobile-platforms.htm *** Android tops 2016 vuln list, with 523 bugs *** --------------------------------------------- Google joins Microsoft, Apple, Adobe in top of the pops Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 – but as a vendor, Adobe still tops the list. --------------------------------------------- www.theregister.co.uk/2017/01/03/android_tops_2016_vuln_list_with_523_bugs/ *** Lauri Love: Love gegen die Vereinigten Staaten von Amerika *** --------------------------------------------- Der Anonymous-Aktivist und Hacker Lauri Love soll an die USA ausgeliefert werden. Dort drohen ihm wegen des unberechtigten Veränderns von Webseiten und Hacking fast 100 Jahre Haft. Wenn wir Lauri nicht retten können, können wir uns auch nicht selbst retten, warnen Aktivisten. --------------------------------------------- http://www.golem.de/news/lauri-love-love-gegen-die-vereinigten-staaten-von-… *** libpng-Entwickler schließen 21 Jahre alte Sicherheitslücke *** --------------------------------------------- Praktisch alle Versionen der Programmbibliothek libpng sind verwundbar. Über eine Schwachstelle könnten Angreifer Systeme lahmlegen. Abgesicherte Versionen sind verfügbar. --------------------------------------------- https://heise.de/-3585996 *** Top Secret -cleared SOCOM staff in 11GB Govt contractor breach *** --------------------------------------------- Dismissed hacker calls US Govt buddy to nix exposed database A Pentagon subcontractor has exposed the names, locations, Social Security Numbers, and salaries of Military Special .. --------------------------------------------- www.theregister.co.uk/2017/01/03/top_secret_cleared_socom_staff_in_11gb_gov… *** Deprecation of Insecure Algorithms and Protocols in RHEL 6.9 *** --------------------------------------------- Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2787271 *** Doch keine Spur nach Russland nach Angriff auf US-Stromversorger *** --------------------------------------------- Ermittler fanden keine Indizien – Mitarbeiter hatte mit eigenem Laptop Mails aufgerufen --------------------------------------------- http://derstandard.at/2000050193323

1 0

Tageszusammenfassung - Montag 2-01-2017
by Daily end-of-shift report 02 Jan '17

02 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 30-12-2016 18:00 − Montag 02-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Sundown Exploit Kit now leverages on the steganography *** --------------------------------------------- A new variant of the Sundown exploit kit leverages on steganography to hide exploit code in harmless-looking image files. Security experts from Trend Micro have spotted a new version of the Sundown exploit kit .. --------------------------------------------- http://securityaffairs.co/wordpress/54886/cyber-crime/sundown-exploit-kit-2… *** Russische Cyberattacken gegen USA: Junge Hackerin als Mastermind verdächtigt *** --------------------------------------------- Soll Geheimdienst unterstützt haben – Alisa Schewtschenko sieht sich als Sündenbock in Konflikt zwischen Obama und Putin --------------------------------------------- http://derstandard.at/2000050064533 *** Grizzly Steppe: Russischer Schadcode bei US-Stromversorger gefunden *** --------------------------------------------- Zum Glück war es kein Steuerungsrechner: Ein US-Elektrizitätsversorger hat in einem Computer Schadcode gefunden, der von Grizzly Steppe stammen könnte. Die US-Behörden wollen jetzt untersuchen, ob weitere Versorgungsunternehmen betroffen sind. --------------------------------------------- http://www.golem.de/news/grizzly-steppe-russischer-schadcode-bei-us-stromve… *** DSA-3750 libphp-phpmailer - security update *** --------------------------------------------- Dawid Golunski discovered that PHPMailer, a popular library to sendemail from PHP applications, allowed a remote attacker to executecode if they were able to provide a crafted Sender address. --------------------------------------------- https://www.debian.org/security/2016/dsa-3750 *** Creepy Site Claims To Reveal Torrenting Histories *** --------------------------------------------- Slashdot reader dryriver writes: The highly invasive and possibly Russian owned and operated website IKnowWhatYouDownload.com immediately shows [a] bittorent download history for .. --------------------------------------------- https://yro.slashdot.org/story/16/12/31/0214203/creepy-site-claims-to-revea… *** Zend Framework Input Validation Flaw in zend-mail Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037539 *** Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1037538 *** E-Mail-Dienst Lavabit kehrt zur Trump-Angelobung zurück *** --------------------------------------------- Der ehemalige E-Mail-Anbieter, den Edward Snowden nutzte, könnte ausgerechnet zur Trump-Inauguration zurückkommen. --------------------------------------------- https://futurezone.at/digital-life/e-mail-dienst-lavabit-kehrt-zur-trump-an… *** Nach stundenlangem Ausfall: Bankomatkassen wieder in Betrieb *** --------------------------------------------- Technische Probleme der Schweizer Firma SIX Payment Service behoben – Bankomaten nicht betroffen --------------------------------------------- http://derstandard.at/2000050083333 *** Firefox 52 more privacy oriented with a Tor protection mechanism *** --------------------------------------------- Mozilla development team announced a new privacy protection mechanism that will come with Firefox 52, it aims to prevent websites from fingerprinting users. Mozilla announced the introduction of a new privacy protection .. --------------------------------------------- http://securityaffairs.co/wordpress/54938/digital-id/firefox-52-privacy.html *** Thunderbird: Mozilla schließt mit Sicherheitsupdate kritische Lücken *** --------------------------------------------- In Thunderbird klaffen mehrere Sicherheitslücken, deren Bedrohungsgrad Mozilla mit 'kritisch' und 'hoch' einstuft. Eine abgesicherte Version ist verfügbar. --------------------------------------------- https://heise.de/-3583472 *** Erpresser-Botschaft in Dauerschleife: Smart TV von LG mit Ransomware infiziert *** --------------------------------------------- Bisher warnten Sicherheitsforscher nur davor, dass Erpressungs-Trojaner auch Smart TVs mit Android-Betriebssystem befallen könnten. Nun ist es offensichtlich zu einer ersten dokumentierten Infektion gekommen. --------------------------------------------- https://heise.de/-3584043 *** l+f: Lesen statt Lösegeld *** --------------------------------------------- Ein Erpressungs-Trojaner zwingt seine Opfer, sich in puncto Computer-Sicherheit weiterzubilden. --------------------------------------------- https://heise.de/-3585353 *** Russische Hacker nutzten laut FBI für Angriffe auch Rechner in Wien *** --------------------------------------------- Server des Vereins "Funkfeuer" findet sich auf von US-Behörden veröffentlichter Liste an Angriffscomputern --------------------------------------------- http://derstandard.at/2000050143907

1 0

Tageszusammenfassung - Freitag 30-12-2016
by Daily end-of-shift report 30 Dec '16

30 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 29-12-2016 18:00 − Freitag 30-12-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Session Stealer Script Used In OpenCart *** --------------------------------------------- With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are .. --------------------------------------------- https://blog.sucuri.net/2016/12/session-stealer-script-used-opencart.html *** Recent Spam Runs in Germany Show How Threats Intend to Stay in the Game *** --------------------------------------------- In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/recent-spam-runs… *** Grizzly Steppe: FBI nennt 900 IP-Adressen russischer Hackerangriffe *** --------------------------------------------- Nach den Sanktionen folgen die Indikatoren: Die US-Regierung veröffentlicht ihre Analyse zu den angeblich russischen Hackerattacken auf weltweite Institutionen. Auch über IP-Adressen aus Deutschland sollen die Angriffe gelaufen sein. --------------------------------------------- http://www.golem.de/news/grizzly-steppe-fbi-nennt-900-ip-adressen-russische… *** Apples iMessage anfällig für manipulierte Kontaktdateien *** --------------------------------------------- Eine manipulierte vCard, die aktuell per iMessage und MMS im Umlauf ist, kann die Nachrichten-App auf dem iPhone oder iPad des Empfängers zum Absturz bringen – und komplett lahmlegen. Es gibt aber einen Ausweg. --------------------------------------------- https://heise.de/-3582980 *** Vuln: Lenovo Transition CVE-2016-8227 Local Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95159 *** More on Protocol 47 denys *** --------------------------------------------- Following up on yesterdays diary on an increase in Protocol 47 traffic. Thanks to everyone who sent the ISC PCAPs and more information. Current speculation is the Protocol 47 uptick is backscatter from a DDOS containing GRE traffic and using .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21867&rss *** Cyber-Angriffe: Die schwierige Spurensuche *** --------------------------------------------- Vorwürfe eher auf Basis eines Motivs denn auf Basis technischer Hinweise oder Beweise --------------------------------------------- http://derstandard.at/2000050034274 *** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF *** --------------------------------------------- SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5393.php *** Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS *** --------------------------------------------- SonicWALL NSA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the curUserName GET parameter in the appFirewallSummary.html script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php *** Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass *** --------------------------------------------- Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5390.php *** Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities *** --------------------------------------------- Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5389.php *** Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection *** --------------------------------------------- Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters searchBySonicwall, firstChangeOrderID, secondChangeOrderID and coDomainID is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php

1 0

Tageszusammenfassung - Donnerstag 29-12-2016
by Daily end-of-shift report 29 Dec '16

29 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 28-12-2016 18:00 − Donnerstag 29-12-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** 33C3: Türsprechanlagen sind des Hackers fette Beute *** --------------------------------------------- Immer mehr Hersteller von Sprechanlagen für Firmen- und Privathäuser setzen zur Kommunikationsübertragung auf den Mobilfunk statt leitungsgebundene Technik. Hackern wird es damit möglich, Türen zu öffnen oder Premiumnummern anzuwählen. --------------------------------------------- https://heise.de/-3582807 *** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-8934) *** --------------------------------------------- There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21995995 *** IBM Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM Security Network Active Bypass (CVE-2016-3706, CVE-2016-4429) *** --------------------------------------------- GNU C library (glibc) vulnerabilities were found that affect IBM Security Network Active Bypass. CVE(s): CVE-2016-3706, CVE-2016-4429 Affected product(s) and affected version(s): IBM Security .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21996174 *** IBM Security Bulletin: Vulnerabilies (17 total), in Oracle Outside In Technology (OIT) affect FileNet Content Manager, and IBM Content Foundation *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988553 *** IBM Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175) *** --------------------------------------------- Security vulnerabilitiy exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21987188 *** 33C3: Bitcoin-Automaten sind noch kein lohnendes Angriffsziel *** --------------------------------------------- Sicherheitsexperten haben auf dem Hamburger Hackertreffen beklagt, dass bei klassischen Geldautomaten weiterhin große Sicherheitslücken bestehen. Bitcoin-Tauschmaschinen hingegen seien für Kriminelle noch uninteressant. --------------------------------------------- https://heise.de/-3582875

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily