- Daily - CERT.at

Tageszusammenfassung - Montag 20-03-2017
by Daily end-of-shift report 20 Mar '17

20 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-03-2017 18:00 − Montag 20-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Malicious Subdirectories Strike Again *** --------------------------------------------- In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim's database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique with a little bit more sophistication to achieve their goals. Essay Spam Campaign This technique is now being used to distribute --------------------------------------------- https://blog.sucuri.net/2017/03/malicious-subdirectories-strike-again.html *** Mimikatz: Walkthrough *** --------------------------------------------- Security researchers have been obsessed with Windows security since the beginning of time. Various tools have been released over the years which try to weaken the security/bypass it in some way or the other. Mimikatz is a tool written in `C` as an attempt to play with Windows security. --------------------------------------------- http://resources.infosecinstitute.com/mimikatz-walkthrough/ *** Doctor Web: It is possible to decrypt files encrypted with Trojan.Encoder.10465 *** --------------------------------------------- March 17, 2017 Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465. Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content: Warning!!! All your files are encrypted with AESalgorithm! --------------------------------------------- http://news.drweb.com/show/?i=11211&lng=en&c=9 *** Sicherheitsupdate in Sicht: Gravierende Telnet-Lücke bedroht zahlreiche Cisco-Switches *** --------------------------------------------- Offensichtlich hat Cisco den Vault-7-Leak analysiert und ist auf eine kritische Lücke in über 300 Modellen seiner Switch-Reihe mit IOS-Betriebsystem gestoßen. Bislang gibt es nur einen Workaround - ein Patch soll folgen. --------------------------------------------- https://heise.de/-3658915 *** RIPS - Finding vulnerabilities in PHP application *** --------------------------------------------- The biggest fear of any developer has always been that their site may get hacked and occasionally it does end up being hacked. For a very long time, the most popular stack being used for the development of website has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python). --------------------------------------------- http://resources.infosecinstitute.com/rips-finding-vulnerabilities-php-appl… *** Browser: Update der Ask.com-Toolbar verteilt Malware *** --------------------------------------------- Die meisten Nutzer dürften sich ohnehin nur fragen, wie sie die Ask.com-Toolbar im Browser am schnellsten wieder loswerden. Doch es gibt ein weiteres Problem: Der Update-Prozess des Programms ist notorisch für Sicherheitslücken anfällig. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/browser-update-der-ask-com-toolbar-verteilt-malwa… *** Gefälschte Virenwarnung auf dem Smartphone *** --------------------------------------------- Während der mobilen Nutzung des Smartphones erscheinen angebliche Virenwarnungen. Sie geben vor, dass das Endgerät mit Schadsoftware infiziert sei. Abhilfe schafft ein Schutzprogramm aus einer unbekannten Quelle. Es kann Schadsoftware installieren oder zu einem Abovertrag führen. --------------------------------------------- https://www.watchlist-internet.at/handy-abzocke/gefaelschte-virenwarnung-au… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDoS-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es auch, wenn Spock die Festplatte entschlüsseln soll. (Star Trek, Applikationen) --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s… *** Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024962 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, and v1.0.2. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547,CVE-2016-5548, CVE-2016-5549) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000014 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024961 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by an International Components for Unicode (ICU) vulnerability (CVE-2014-9911) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024958 --------------------------------------------- *** IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Query Parameter in SSL Request (CVE-2016-6102) *** http://www.ibm.com/support/docview.wss?uid=swg22000359 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus *** http://www.ibm.com/support/docview.wss?uid=swg22000536 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-03-2017
by Daily end-of-shift report 17 Mar '17

17 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-03-2017 18:00 − Freitag 17-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bugtraq: CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure *** --------------------------------------------- http://www.securityfocus.com/archive/1/540291 *** SSA-603476 (Last Update 2017-03-16): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476… *** Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy *** --------------------------------------------- Nearly three years ago, I wrote a post named “Pass-the-Hash is Dead: Long Live Pass-the-Hash” that detailed some operational implications of Microsoft’s KB2871997 patch. A specific sentence in the security advisory, “Changes to this feature .. --------------------------------------------- http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-loca… *** Chamois: Google deckt betrügerisches Werbenetzwerk auf *** --------------------------------------------- Adfraud ist ein weit verbreitetes Problem auf Android-Geräten. Google hat Details zu einem neu entdeckten Netzwerk bekanntgegeben, es soll das größte bislang bekannte sein. --------------------------------------------- https://www.golem.de/news/chamois-google-deckt-betruegerisches-werbenetzwer… *** Winzige Kameras auf Bankomaten spähen PINs aus *** --------------------------------------------- Die Londoner Polizei hat innerhalb kurzer Zeit mehrere Mini-Kameras entdeckt, die an Geldautomaten angebracht waren. --------------------------------------------- https://futurezone.at/digital-life/winzige-kameras-auf-bankomaten-spaehen-p… *** GitHub Code Execution Bug Fetches $18,000 Bounty *** --------------------------------------------- GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. --------------------------------------------- http://threatpost.com/github-code-execution-bug-fetches-18000-bounty/124378/ *** BSI: Schützt euer Owncloud vor Feuer und Wasser! *** --------------------------------------------- Das BSI beklagt, dass Nutzer von Owncloud und Nextcloud ihre Installationen nicht aktualisieren. Das liegt aber auch daran, dass die Updatefunktion oft fehlschlägt. Und die .. --------------------------------------------- https://www.golem.de/news/bsi-schuetzt-euer-owncloud-vor-feuer-und-wasser-1… *** Sieben Jahre alte Lücke im Linux-Kernel erlaubt Rechteausweitung *** --------------------------------------------- Über die Lücke können Angreifer außerdem den Kernel lahmlegen. Da die Lücke schon so lange im Code des Kernels schlummert, betrifft sie sehr viele Systeme. --------------------------------------------- https://heise.de/-3657912 *** Wettbewerb: Windows, MacOS, Linux und Browser gehackt *** --------------------------------------------- Bei der Veranstaltung Pwn2Own hacken IT-Security-Teams um die Wette. Insgesamt winken eine Million US-Dollar Preisgeld. --------------------------------------------- https://futurezone.at/digital-life/wettbewerb-windows-macos-linux-und-brows… *** Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDos-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es .. --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s…

1 0

Tageszusammenfassung - Donnerstag 16-03-2017
by Daily end-of-shift report 16 Mar '17

16 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-03-2017 18:00 − Donnerstag 16-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Attackers target dozens of global banks with new malware *** --------------------------------------------- Organizations in 31 countries have been targeted in a new wave of attacks which has been underway since at least October 2016. The attackers used compromised websites or 'watering holes' to infect pre-selected targets with previously unknown malware. --------------------------------------------- https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks… *** SEO Spam Campaign Exploiting WordPress REST API Vulnerability *** --------------------------------------------- Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable to the WordPress REST API vulnerability patched in early February (version 4.7.2). This more serious vulnerability allows attackers to create, delete, and modify .. --------------------------------------------- https://blog.sucuri.net/2017/03/seo-spam-via-wp-rest-api-vulnerability.html *** Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001 *** --------------------------------------------- Drupal 8.2.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.Download Drupal 8.2.7Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. --------------------------------------------- https://www.drupal.org/SA-2017-001 *** Ransomware operators are hiding malware deeper in installer packages *** --------------------------------------------- We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/03/15/ransomware-operators-ar… *** DFN-CERT-2017-0429/">Roundcube Webmail: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer Email, die ein speziell präpariertes SVG-Element enthält, einen Cross-Site-Scripting (XSS)-Angriff gegen Benutzer von Roundcube Webmail durchführen. Der Hersteller stellt Roundcube Webmail 1.1.8 und 1.2.4 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0429/ *** Using Intels SGX to Attack Itself *** --------------------------------------------- Researchers have demonstrated using Intels Software Guard Extensions to hide malware and steal cryptographic keys from inside SGXs protected enclave:Malware Guard Extension: Using SGX to Conceal Cache AttacksAbstract:In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/using_intels_sg.html *** [2017-03-16] Authenticated Command Injection in multiple Ubiquiti Networks products *** --------------------------------------------- The firmware of various Ubiquiti Networks devices contains a command injection vulnerability which can be exploited by luring an authenticated user to click on a malicious link or surf to a malicious website. Low privileged users can elevate their rights and use the vulnerability for further attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Moodle 2.7.19 release notes *** --------------------------------------------- A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. --------------------------------------------- https://docs.moodle.org/dev/Moodle_2.7.19_release_notes *** NexusLogger: A New Cloud-based Keylogger Enters the Market *** --------------------------------------------- NexusLogger is a cloud-based keylogger that uses the Microsoft .NET Framework and has a low level of sophistication. NexusLogger collects keystrokes, system information, stored passwords and will take screenshots. It also specifically seeks to harvest game credentials for UPlay, Minecraft, Steam, and Origin. ... All NexusLogger samples require communications with the nexuslogger[.]com domain via HTTPS, which makes it trivial for defenders to block. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/03/unit42-nexuslogger-new-c… *** Penetration Testing Node.Js Applications - Part-2 *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** Vuln: Palo Alto Networks Terminal Services CVE-2017-6356 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96925 *** Alert (TA17-075A) HTTPS Interception Weakens TLS Security *** --------------------------------------------- Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-075A *** Code Review of Node.Js Applications: Uncommon Flaws *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** (Twitter) Keep Calm and Revoke Access *** --------------------------------------------- For the last 24 hours, the Twitter landscape has seen several official accounts hacked. ... How to protect against this kind of attack? First, do not link your Twitter account to untrusted or suspicious applications. ... Finally, the best advice is to visit the following link at regular interval: https://twitter.com/settings/applications. During your first visit, you could be surprised to find so many applications linked to your account! --------------------------------------------- https://blog.rootshell.be/2017/03/15/keep-calm-revoke-access/ *** BSI warnt vor gefährdeten Cloud-Servern: über 20.000 deutsche ownCloud- und Nextcloud-Installationen veraltet *** --------------------------------------------- Das BSI ist auf viele veraltete Installationen von ownCloud und Nextcloud gestoßen. Obwohl die Betroffenen Bescheid wissen, haben bislang die wenigsten reagiert. --------------------------------------------- https://heise.de/-3656458 *** Microsoft To End Support For Windows Vista In Less Than a Month *** --------------------------------------------- In less than a months time, Microsoft will put Windows Vista to rest once and for all. If youre one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9XgfNI5PoWc/microsoft-to-en… *** Warnung vor kaufhaus-guenther.de *** --------------------------------------------- Kaufhaus Günther ist ein 'Online Kaufhaus'. Es wirbt mit Produkten für Haushalt, Technik und Möbel. Die verlangten Preise sind sehr günstig. Eine Bezahlung der Ware ist nur im Voraus möglich. Wer sie bezahlt, verliert Geld, denn kaufhaus-guenther.de ist ein Fake-Shop. Er liefert trotz Bezahlung keine Ware. Darüber hinaus droht ein Identitätsdiebstahl. --------------------------------------------- https://www.watchlist-internet.at/fake-shops/warnung-vor-kaufhaus-guentherd… *** DFN-CERT-2017-0479/">McAfee Advanced Threat Defence (ATD): Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- Ein einfach authentisierter Angreifer im benachbarten Netzwerk mit erweiterten Privilegien kann die SQL-Abfragelogik der Advanced Threat Defense über speziell präparierte HTTP-Anfragen so manipulieren, dass unautorisierte Aktionen im Kontext der unterliegenden Datenbank möglich sind (SQL-Injection). Intel Security erwähnt die Möglichkeit, auf diese Weise Produktinformationen auszuspähen. Die Ausführung beliebigen SQL-Programmcodes ist ebenfalls denkbar, aber nicht bestätigt. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0479/ *** Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017 *** --------------------------------------------- On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. --------------------------------------------- http://threatpost.com/hackers-take-down-reader-safari-edge-ubuntu-linux-at-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest *** http://www-01.ibm.com/support/docview.wss?uid=swg21994995 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Host Management (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997019 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998042 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearQuest (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998866 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearQuest (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998868 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearCase (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998046 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Bluemix January 2017 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg22000092 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996857 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight *** http://www-01.ibm.com/support/docview.wss?uid=swg22000124 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence *** http://www-01.ibm.com/support/docview.wss?uid=swg22000123 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 15-03-2017
by Daily end-of-shift report 15 Mar '17

15 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-03-2017 18:00 − Mittwoch 15-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Sicherheitsupdates: Microsoft veranstaltet zwei Patchdays an einem Tag *** --------------------------------------------- Im März holt Microsoft den aus unbekannten Gründen verschobenen Patchday aus dem Februar nach, stellt zudem die Patches für den aktuellen Monat bereit und schließt insgesamt 140 Sicherheitslücken. --------------------------------------------- https://heise.de/-3653806 *** March 2017 security update release *** --------------------------------------------- Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-upd… *** Propaganda auf Twitter *** --------------------------------------------- Der echte Groundhog Day ist noch nicht lange her, und manchmal kommt es einem so vor, als wäre im Internet jeden Tag "Groundhog Day": manche Sachen wiederholen sich einfach viel zu oft.Aktuell geht es um missbrauchte Twitter-Accounts. Das hatte wir schon im November: twittercounter.com hatte ein Problem, und schon werden Tweets unter falschem Namen verteilt. Das gleiche ist gerade wieder passiert... --------------------------------------------- http://www.cert.at/services/blog/20170315114231-1952.html *** Patchday: Adobe umsorgt Flash und Shockwave Player *** --------------------------------------------- Wie gewohnt flickt Adobe den Flash Player - darüber hinaus bekommt diesen Monat auch der Shockwave Player ein Sicherheitsupdate serviert. --------------------------------------------- https://heise.de/-3653924 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Two security issues have been identified within Citrix XenServer. These issues could, if exploited, allow the administrator ... --------------------------------------------- https://support.citrix.com/article/CTX220771 *** VMware Workstation and Fusion Memory Access Error in Drag and Drop Function Lets Local Users on a Guest System Gain Elevated Privileges on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1038025 *** DNSSEC-Schlüsseltausch 2017: ICANN setzt Testseite für Resolver auf *** --------------------------------------------- Sollte es Angreifern gelingen, einen DNSSEC-Schlüssel zu knacken, können sie glaubwürdig aussehende, aber falsche DNS-Replys verbreiten. Deshalb müssen Schlüssel ab und zu gewechselt werden. Bei der Root-Zone ist das eine heikle Sache. --------------------------------------------- https://www.heise.de/newsticker/meldung/DNSSEC-Schluesseltausch-2017-ICANN-… *** Petya ransomware returns, wrapped in extra VX nastiness *** --------------------------------------------- PetrWrap tries to blame its predecessor for attacks Researchers have spotted a variant of last years Petya ransomware, now with updated crypto and ransomware models. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_retur… *** Gefälschte Rechnung auf dropboxusercontent.com *** --------------------------------------------- In einer E-Mail mit dem Betreff "Zahlungsdetails" erhalten Internet-Nutzer/innen angeblich eine Rechnung. Sie steht unter dem Link "dl.dropboxusercontent.com/" als ZIP-Datei zum Download bereit. In Wahrheit handelt es sich bei dem Dokument um Schadsoftware. Aus diesem Grund dürfen Empfänger/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnu… *** Konsumentenschützer wollen Update-Verpflichtung *** --------------------------------------------- Verbraucherorganisationen aus aller Welt fordern die 20 führenden Industrie- und Schwellenländer (G20) zum grenzüberschreitenden Schutz der Konsumenten im Internet auf. --------------------------------------------- https://futurezone.at/digital-life/konsumentenschuetzer-wollen-update-verpf… *** Schwere Sicherheitslücke in den Web-Oberflächen von WhatsApp und Telegram geschlossen *** --------------------------------------------- Eine Lücke bei WhatsApp Web und Telegram Web erlaubt es Angreifern, die Web-Sessions der Messenger zu kapern. Auf diesem Wege können sie Nachrichten mitlesen, Adressbücher kopieren und Schadcode an Kontakte verschicken. --------------------------------------------- https://heise.de/-3653793 *** Where Have All The Exploit Kits Gone? *** --------------------------------------------- For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them? --------------------------------------------- http://threatpost.com/where-have-all-the-exploit-kits-gone/124241/ *** Vorsicht Fake: Betrüger locken mit Emulator für Nintendos Switch *** --------------------------------------------- Derzeit kursiert im Internet eine Anwendung, die Spiele von Nintendos aktueller Konsole Switch auf PCs emulieren können soll: Die "Entwickler" hinter dem vermeintlichen Emulator verfolgen aber ein ganz anderes Ziel. --------------------------------------------- https://heise.de/-3654299 *** PowerShell Remoting Artifacts: An Introduction *** --------------------------------------------- Since PowerShell usage by malware is on the rise, in this article series, we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during the investigation and during building stories around Attack Chain. --------------------------------------------- http://resources.infosecinstitute.com/powershell-remoting-artifacts-part-1/ *** Gaps in NIS standardisation: Mapping the requirements of the NIS Directive to specific standards *** --------------------------------------------- ENISA publishes a report on European standardisation within the context of the NIS Directive. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/gaps-in-nis-standardisation-map… *** VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials *** --------------------------------------------- Vulnerability Note VU#553503 D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials --------------------------------------------- http://www.kb.cert.org/vuls/id/553503 *** An Introduction to Penetration Testing Node.js Applications *** --------------------------------------------- In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** SAP pushes to patch risky HANA security flaws before hackers strike *** --------------------------------------------- Europes top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms. --------------------------------------------- http://www.reuters.com/article/us-cyber-sap-idUSKBN16L1FH *** JSON Libraries Patched Against Invalid Curve Crypto Attack *** --------------------------------------------- JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. --------------------------------------------- http://threatpost.com/json-libraries-patched-against-invalid-curve-crypto-a… *** Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170315-… *** Vuln: SAP NetWeaver Visual Composer Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96865 *** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759&actp=RSS *** Vuln: SAP ERP Remote Authorization Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96871 *** Vuln: Trend Micro InterScan Messaging Security CVE-2017-6398 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96859 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Algo One ARA reports can be accessed by another user *** http://www.ibm.com/support/docview.wss?uid=swg21999754 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM Java SDK that affect IBM Security Directory Suite (CVE-2016-5597) October 2016 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg21994296 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010008 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010007 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010009 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010010 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology *** http://www.ibm.com/support/docview.wss?uid=swg21999965 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Web Security Appliance URL Filtering Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server XML External Entity Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Meshed Wireless LAN Controller Impersonation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Director Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence Server API Privilege Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure API Credentials Management Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco StarOS SSH Privilege Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 14-03-2017
by Daily end-of-shift report 14 Mar '17

14 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-03-2017 18:00 − Dienstag 14-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Stored XSS in WordPress Core *** --------------------------------------------- As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, .. --------------------------------------------- https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.htm *** DSA-3808 imagemagick - security update *** --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitisingmay result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3808 *** VMSA-2017-0004 *** --------------------------------------------- VMware product updates resolve remote code execution vulnerability via Apache Struts 2 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0004.html *** Hintergrund: Vom Leben und Sterben der 0days *** --------------------------------------------- Viele diskutieren über Zero-Day-Exploits, doch die wenigsten haben je ein lebendiges Exemplar gesehen. Zwei interessante Studien bringen überraschende Erkenntnisse zur Lebenserwartung dieser gefährlichen Spezies. --------------------------------------------- https://heise.de/-3651392 *** Privatsphäre: Verschleiern der MAC-Adresse bei WLAN ist fast nutzlos *** --------------------------------------------- Die eigene MAC-Adresse beim WLAN zu verschleiern, gilt als eine der zentralen Funktionen zum Schutz der Privatsphäre. Auf mobilen Geräten ist dieser Schutz weitgehend nutzlos. --------------------------------------------- https://www.golem.de/news/privatsphaere-verschleiern-der-mac-adresse-bei-wl… *** Security Bulletins posted for Flash Player and Adobe Shockwave Player *** --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-07) and Adobe Shockwave Player (APSB17-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1449 *** Betreiber kritischer Infrastruktur erhalten Zugang zu Behörden-Funk *** --------------------------------------------- "Direkter Draht" zu Behörden im Falle eines kompletten "Blackouts" – Innenministerium stellt Funkgeräte .. --------------------------------------------- http://derstandard.at/2000054157780 *** Red Hat Product Security Risk Report 2016 *** --------------------------------------------- At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2957221

1 0

Tageszusammenfassung - Montag 13-03-2017
by Daily end-of-shift report 13 Mar '17

13 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-03-2017 18:00 − Montag 13-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Alexander Riepl *** Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products *** --------------------------------------------- On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Bugtraq: [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/540252 *** Bugtraq: [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass *** --------------------------------------------- http://www.securityfocus.com/archive/1/540251 *** SF9 Realex Magento Module Targeted by Credit Card Scrapers *** --------------------------------------------- Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked .. --------------------------------------------- https://blog.sucuri.net/2017/03/sf9-realex-magento-module-targeted-by-credi… *** Letzter Support-Monat für Windows Vista *** --------------------------------------------- Am 11. April will Microsoft zum letzten Mal Sicherheits-Updates für Windows Vista veröffentlichen. Alle nach diesem Termin gefundenen Lücken bleiben ungefixt. Vista an sich läuft zwar weiter, sollte danach aber besser nicht mehr ans Internet. --------------------------------------------- https://www.heise.de/newsticker/meldung/Letzter-Support-Monat-fuer-Windows-… *** Studie: Viele Webseiten setzen verwundbare JavaScript-Bibliotheken ein *** --------------------------------------------- Sicherheitsforscher haben über 100.000 Domains gescannt und herausgefunden, dass auf fast 40 Prozent veraltete und unsichere JavaScript-Bibliotheken zum Einsatz kommen. --------------------------------------------- https://heise.de/-3650648 *** Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2 *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170313-01-… *** Betrügerischer Support der US Software Solutions Inc *** --------------------------------------------- Eine vermeintliche Systembenachrichtigung informiert Nutzer/innen darüber, dass ihr Computer mit Schadsoftware befallen sei. Die US Software Solutions Inc .. --------------------------------------------- https://www.watchlist-internet.at/scamming/betruegerischer-support-der-us-s… *** 13 Google Play Store Apps Caught Stealing Instagram Credentials *** --------------------------------------------- Instagram users are once again the targets of malicious Android apps hosted on the Play Store, apps which steal .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/13-google-play-store-apps-ca… *** IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2017-1151) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21999293 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22000120 *** Nintendo Switch: Hacker baut iOS-Exploit um und nutzt Schwachstelle im Browser *** --------------------------------------------- Im Webbrowser der Switch klafft eine Sicherheitslücke, für deren Ausnutzung es bereits Proof-of-Concept-Code gibt. Zudem sind Hacker in den Recovery-Modus der Spielkonsole eingestiegen. --------------------------------------------- https://heise.de/-3650977 *** Vorinstallierte Malware auf Smartphones von LG und Samsung *** --------------------------------------------- Sicherheitsforscher haben Schadsoftware auf neuen Smartphones und Tablets entdeckt. Die Geräte wurden auf dem Vertriebsweg infiziert. --------------------------------------------- https://futurezone.at/digital-life/vorinstallierte-malware-auf-smartphones-…

1 0

Tageszusammenfassung - Freitag 10-03-2017
by Daily end-of-shift report 10 Mar '17

10 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-03-2017 18:00 − Freitag 10-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Stephan Richter *** After CIA leak, Intel Security releases detection tool for EFI rootkits *** --------------------------------------------- Intel Security has released a tool that allows users to check if their computers low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apples Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from... --------------------------------------------- http://www.cio.com/article/3179345/security/after-cia-leak-intel-security-r… *** Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries *** --------------------------------------------- More than a third of the websites you visit online may include an outdated JavaScript library thats vulnerable to one or more security flaws. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-a-third-of-websites-use… *** Middle East Government organizations hit with RanRan Ransomware *** --------------------------------------------- Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East. --------------------------------------------- http://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html *** Sicherheit: Tails 2.11 und 3.0 Beta2 freigegeben *** --------------------------------------------- Nur zwei Tage auseinander liegen die Veröffentlichungen von Tails 2.11 und 3.0 Beta. Während 2.11 eine der letzten Aktualisierungen der Distribution auf der Basis von Debian 8 "Jessie" ist, wird Tails 3.0 bei seinem Erscheinen im Juni auf Debian 9 "Stretch" setzen. --------------------------------------------- https://www.golem.de/news/sicherheit-tails-2-11-und-3-0-beta2-freigegeben-1… *** Firefox stellt Support für Windows XP und Vista ein *** --------------------------------------------- Die aktuelle Version 52 des Browsers ist die letzte, die die veralteten Windows-Betriebsysteme unterstützt. --------------------------------------------- https://futurezone.at/produkte/firefox-stellt-support-fuer-windows-xp-und-v… *** How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation *** --------------------------------------------- The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to... --------------------------------------------- https://thehackernews.com/2017/03/decrypt-pgp-encryption.html *** Why the SHA-1 collision means you should stop using the algorithm *** --------------------------------------------- Realistically speaking, if your software or system uses the SHA-1 hashing algorithm, it is unlikely that it will be exploited in the foreseeable future. But it is also extremely difficult to be certain that your system wont be the exception. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/03/why-sha-1-collision-means-yo… *** CryptoBlock ransomware and its C2 *** --------------------------------------------- CryptoBlock is an interesting ransomware to keep an eye on. We expect this to be a ransomware that is in development to eventually develop into a RaaS (Ransomware as a Service).Categories: MalwareThreat analysisTags: CryptoBlockraasransomwareRansomware as a Servicevirustotal(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c… *** DSA-3806 pidgin - security update *** --------------------------------------------- It was discovered a vulnerability in Pidgin, a multi-protocol instantmessaging client. A server controlled by an attacker can send an invalidXML that can trigger an out-of-bound memory access. This might lead to acrash or, in some extreme cases, to remote code execution in theclient-side. --------------------------------------------- https://www.debian.org/security/2017/dsa-3806 *** Schneider Electric ClearSCADA *** --------------------------------------------- This advisory contains mitigation details for an input validation vulnerability in Schneider Electrics ClearSCADA. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01 *** Security Advisory: Apache Struts 2 vulnerability CVE-2017-5638 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43451236.html?… *** NetIQ Privileged User Manager 2.4.1 HF2 (2.4.1-2) *** --------------------------------------------- Abstract: NetIQ Privileged User Manager 2.4.1 Hot Fix 2 (2.4.1.2). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release does not contain new features.Document ID: 5276651Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:netiq-npum-packages-2.4.1-2.tar.gz (139.85 MB)Products:Privileged User Manager 2.4.1Superceded Patches:PUM2.4.1HF... --------------------------------------------- https://download.novell.com/Download?buildid=88wYDI-5uRA~ *** VMware Workstation update addresses multiple security issues *** --------------------------------------------- a. VMware Workstation DLL loading vulnerability b. VMware Workstation SVGA driver vulnerability c. VMware Workstation NULL pointer dereference vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0003.html *** Vuln: F-Secure Anti-Virus CVE-2017-6466 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96784 *** IBM Security Bulletin: Vulnerabilities in Nagios Core affect IBM Pure Power Integrated Manager (PPIM) (CVE-2016-9565, CVE-2016-9566) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024796 *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997359 *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997358

1 0

Tageszusammenfassung - Donnerstag 9-03-2017
by Daily end-of-shift report 09 Mar '17

09 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-03-2017 18:00 − Donnerstag 09-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Jetzt patchen! Apache Struts 2 im Visier von Hackern *** --------------------------------------------- Derzeit nutzen Angreifer gehäuft eine kritische Sicherheitslücke in dem Framework aus und versuchen so Web-Server zu übernehmen. Neue Versionen und Workarounds schaffen Abhilfe. --------------------------------------------- https://heise.de/-3648065 *** Uncovering cross-process injection with Windows Defender ATP *** --------------------------------------------- Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-proces… *** #APF17: Call for Papers *** --------------------------------------------- ENISA's Annual Privacy Forum (APF) is to be held in Vienna on the 7th and 8th June 2017, in collaboration with the Law Faculty of the University of Vienna. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/apf17-call-for-papers *** 185.000 unsichere Webcams könnten Hackern private Einblicke gewähren *** --------------------------------------------- Ein Sicherheitsforscher stieß auf kritische Sicherheitslücken in einer chinesischen Webcam. Das Problem ist, viele Hersteller setzen auf die verwendete Software und verkaufen angreifbare Kameras unter ihrer Marke. --------------------------------------------- https://heise.de/-3648458 *** Emsisoft Releases a Decryptor for the CryptON Ransomware *** --------------------------------------------- Yesterday, Emsisofts CTO and malware researcher Fabian Wosar? released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decrypto… *** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro Deep Discovery Email Inspector 2.5.1 *** --------------------------------------------- Trend Micro has released a Critical Patch for Deep Discovery Email Inspector (DDEI) 2.5.1. This Critical Patch resolves multiple vulnerabilities related to the user interface (UI) and authentication. --------------------------------------------- https://success.trendmicro.com/solution/1116750 *** Security Notice - Statement on Security Researcher Revealing XSS Security Vulnerability in Huawei HG658 V2 on Packet Storm Website *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170308-01-… *** VU#305448: D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability *** --------------------------------------------- D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected. --------------------------------------------- http://www.kb.cert.org/vuls/id/305448 *** Bugtraq: [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/540239 *** Bugtraq: [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download *** --------------------------------------------- http://www.securityfocus.com/archive/1/540241 *** Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2016-029Project: Services (third-party module)Version: 7.xDate: 2017-March-08Security risk: 21/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Arbitrary PHP code executionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module accepts user submitted data in PHPs serialization format ("Content-Type: application/vnd.php.serialized") --------------------------------------------- https://www.drupal.org/node/2858847 *** PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-030Project: Password Reset Landing Page (PRLP) (third-party module)Version: 8.xDate: 2017-March-08Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Privilege escalationDescriptionThis module adds a form on the password-reset-landing page to allow changing the password of the user during the log in process.The module does not sufficiently validate all access tokens, which allows an attacker to... --------------------------------------------- https://www.drupal.org/node/2858880 *** Vuln: Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability *** -------------------------------------------- http://www.securityfocus.com/bid/96731 *** Vuln: Apache NiFi CVE-2017-5635 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96730 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities affect Rational Rhapsody Design Manager with potential for security attacks *** http://www.ibm.com/support/docview.wss?uid=swg21999960 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998463 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436) *** http://www.ibm.com/support/docview.wss?uid=swg21999781 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996748 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 8-03-2017
by Daily end-of-shift report 08 Mar '17

08 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-03-2017 18:00 − Mittwoch 08-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Petr Sikuta Co-Handler: Stephan Richter *** Little Monsters: Nutzerdaten aus Lady Gagas Social Network sollen geleakt sein *** --------------------------------------------- Bei Lady Gagas App Little Monsters scheinen Nutzerdaten abhanden gekommen zu sein. Im Netz kursiert eine Datenbank mit privaten Daten von knapp einer Million Nutzer. --------------------------------------------- https://heise.de/-3646447 *** Payments Giant Verifone Investigating Breach *** --------------------------------------------- Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was "limited" and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the... --------------------------------------------- https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-b… *** The HTTPS interception dilemma: Pros and cons *** --------------------------------------------- HTTPS is the bread-and-butter of online security. Strong cryptography that works on all devices without complicating things for users. Thanks to innovative projects like Let's Encrypt, adoption of HTTPS is rising steadily: in mid-2015 it was at 39%, now it's at 51% of HTTPS requests. Recent research shows however that HTTPS interception happens quite often. In fact, about 10% of connections to CloudFlare are intercepted, and the main culprits are enterprise network monitoring... --------------------------------------------- https://www.helpnetsecurity.com/2017/03/08/https-interception-dilemma/ *** Start of the Android Security Symposium 2017 *** --------------------------------------------- Today starts the Android Security Symposium at the Technical University of Vienna, courtesy of the Josef Ressel Center u'smile. The upcoming three days are packed with presentations surrounding the entire Android security ecosystem, ranging from presentations about the security architecture of Android by Google and AT&T right this morning, to secure app development, novel attacks,... --------------------------------------------- https://www.sba-research.org/2017/03/08/start-of-the-android-security-sympo… *** 21% of websites still use insecure SHA-1 certificates *** --------------------------------------------- New research from Venafi Labs shows that 21 percent of the world's websites are still using certificates signed with the vulnerable Secure Hash Algorithm, SHA-1. On February 23, 2017, Google affiliated security researchers announced they cracked the SHA-1 security standard using a collision attack. The incident proved that the deprecated cryptographic secure hash algorithm still used to sign many website digital certificates can be manipulated. Newly issued certificates using the SHA-2... --------------------------------------------- https://www.helpnetsecurity.com/2017/03/08/insecure-sha-1-certificates-usag… *** NetIQ Access Manager Directory Traversal Flaw Lets Remote Authenticated Admin Users Download Arbitrary Files on the Target Admin Console System *** --------------------------------------------- http://www.securitytracker.com/id/1037935 *** Bugtraq: Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead *** --------------------------------------------- http://www.securityfocus.com/archive/1/540234 *** Bugtraq: [security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540233 *** [2017-03-08] Multiple vulnerabilities in Navetti PricePoint *** --------------------------------------------- Navetti PricePoint is vulnerable against a broad range of typical application based vulnerabilities. On one hand an attacker is able to execute arbitrary JavaScript code in the context of an arbitrary user. On the other hand, an attacker is able to read out the contents of the applications database due to missing input validation. Furthermore an attacker can use cross-site request forgery to perform arbitrary web requests with the identity of the victim without being noticed by the victim. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** BlackBerry powered by Android Security Bulletin - March 2017 *** --------------------------------------------- BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000039151 *** DFN-CERT-2017-0404: Red Hat JBoss Enterprise Web Server: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0404/ *** Vuln: Mozilla Firefox and Thunderbird Multiple Security Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96693 https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/ *** Bugtraq: [security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/540238 *** [R1] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities *** --------------------------------------------- http://www.tenable.com/security/tns-2017-07 *** Schneider Electric Wonderware Intelligence *** --------------------------------------------- This advisory contains mitigation details for a credentials management vulnerability in Schneider Electrics Wonderware Intelligence software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01 *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7975, CVE-2016-7986, and CVE-2017-5341 *** https://support.f5.com:443/kb/en-us/solutions/public/k/55/sol55129614.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342 *** https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04225025.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933 *** https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39512927.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486 *** https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31997425.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, and CVE-2016-7939 *** https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49144112.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938 *** https://support.f5.com:443/kb/en-us/solutions/public/k/72/sol72403108.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, and CVE-2016-7927 *** https://support.f5.com:443/kb/en-us/solutions/public/k/77/sol77384526.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7983, and CVE-2016-7984 *** https://support.f5.com:443/kb/en-us/solutions/public/k/94/sol94010578.html?… --------------------------------------------- *** Security Advisory: tcpdump vulnerabilities CVE-2016-7985, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, and CVE-2016-8575 *** https://support.f5.com:443/kb/en-us/solutions/public/k/94/sol94778122.html?… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in BIND impact AIX (CVE-2016-9131) *** http://aix.software.ibm.com/aix/efixes/security/bind_advisory15.asc --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ proliferation of channel agents causes denial of service (CVE-2017-1145) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999672 --------------------------------------------- *** IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability *** http://www-01.ibm.com/support/docview.wss?uid=swg21999736 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset Analyzer *** http://www-01.ibm.com/support/docview.wss?uid=swg21999881 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-6303, CVE-2016-2182, CVE-2016-2178, CVE-2016-6306, CVE-2016-2183, CVE-2016-2177, CVE-2016-7052) *** http://www.ibm.com/support/docview.wss?uid=swg21999451 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM Reliable Scalable Cluster Technology shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2017-1134). *** http://www.ibm.com/support/docview.wss?uid=swg21998459 --------------------------------------------- *** IBM Security Bulletin: IBM MessageSight affected by GSKit Sweet32 Birthday attacks (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg21999452 --------------------------------------------- *** IBM Security Bulletin: OpenNTF project Social Business SDK CVE-2016-3092 *** http://www.ibm.com/support/docview.wss?uid=swg21999337 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 7-03-2017
by Daily end-of-shift report 07 Mar '17

07 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-03-2017 18:00 − Dienstag 07-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Sicherheitsupdate härtet WordPress gegen XSS-Angriffe *** --------------------------------------------- Wer das CMS WordPress nutzt sollte sicherstellen, dass die aktuelle Version 4.7.3 installiert ist. Ansonsten könnten Angreifer Sicherheitslücken in vorigen Versionen ausnutzen. --------------------------------------------- https://heise.de/-3645684 *** River City Media: Spammer vergessen 1,4 Milliarden Mailadressen im Netz *** --------------------------------------------- Ein Backup-Fehler dürfte das Aus für ein großes Spamnetzwerk aus den USA bedeuten. River City Media verdiente Geld mit Spam-Nachrichten, SMS-Kampagnen und Affiliate-Marketing - inklusive gefälschter Suchmaschinen. --------------------------------------------- https://www.golem.de/news/river-city-media-spammer-vergessen-1-4-milliarden… *** SAP Security for Beginners part 7: SAP ABAP Platform Security *** --------------------------------------------- >From the previous articles of SAP Security for CISO series (especially SAP Risks), you reviewed many examples of potential attacks on these systems. Now it is time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems. First, let's look at patching process in SAP. When the vendor fixes vulnerabilities in... --------------------------------------------- http://resources.infosecinstitute.com/sap-security-beginners-part-7-sap-aba… *** TU Wien-Team auf drittem Platz bei internationalem Hacker-Wettbewerb *** --------------------------------------------- International Capture The Flag-Bewerb mit Internet-Sicherheits-Teams von 78 Universitäten --------------------------------------------- http://derstandard.at/2000053747853 *** A tcpdump Tutorial and Primer with Examples *** --------------------------------------------- Mar 6, 2017 - I just performed a major update to this tutorial after over 10 years. The update includes a fully functional table of contents and a number of additional explanations. Enjoy! --------------------------------------------- https://danielmiessler.com/study/tcpdump/ *** WikiLeaks Releases CIA Hacking Tools *** --------------------------------------------- WikiLeaks just released a cache of 8,761 classified CIA documents from 2012 to 2016, including details of its offensive Internet operations.I have not read through any of them yet. If you see something interesting, tell us in the comments. --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/wikileaks_relea.html *** DFN-CERT-2017-0394: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0394/ *** WordPress Multiple Plugins - Remote File Upload *** --------------------------------------------- Topic: WordPress Multiple Plugins - Remote File Upload Risk: High Text:Id like to report multiple remote file upload vulnerabilities on five plugins, attached is the PoC exploit and screenshot ; It... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017030065 *** [2017-03-07] Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud *** --------------------------------------------- Multiple critical vulnerabilities, such as unauthenticated OS command injection or arbitrary file upload, within the WD My Cloud devices allow an attacker to gain access on the device. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Sicherheitsupdate für Symantec Endpoint Protection *** --------------------------------------------- Symantec Endpoint Protection ist ein Softwarepaket zum Schutz vor Viren und Malware.In Symantec Endpoint Protection 12.1 existiert eine Sicherheitslücke, die es einem Angreifer mit Zugriff auf Ihren Computer unter bestimmten Umständen ermöglicht, diesen zu übernehmen und massiv zu schädigen. Eine weitere Sicherheitslücke in Symantec Endpoint Protection 12.1 und 14.0 ermöglicht es dem Angreifer, beliebige Befehle auf Ihrem Computer auszuführen. --------------------------------------------- https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_… *** VU#355151: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities *** --------------------------------------------- Vulnerability Note VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities Original Release date: 07 Mar 2017 | Last revised: 07 Mar 2017 Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version... --------------------------------------------- http://www.kb.cert.org/vuls/id/355151 *** Security Advisory: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23022557.html?… *** Vuln: WePresent WiPG-1500 Device CVE-2017-6351 Hardcoded Password Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96588 *** Vuln: TeX Live CVE-2016-10243 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96593 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Information Disclosure vulnerability affects IBM DB2 LUW (CVE-2017-1150) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999515 --------------------------------------------- *** IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-9131, CVE-2016-9444, CVE-2016-9147, CVE-2016-9778 and CVE-2017-3135) *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021889 --------------------------------------------- *** IBM Security Bulletin: Multiple cross-site scripting vulnerabilities found in IBM UrbanCode Deploy (CVE-2016-9006) *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000264 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999723 --------------------------------------------- *** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. *** http://www-01.ibm.com/support/docview.wss?uid=swg21999671 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Websphere Application Server affects IBM Cognos Metrics Manager (CVE-2016-5983) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999722 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933) *** http://www.ibm.com/support/docview.wss?uid=swg21997223 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 6-03-2017
by Daily end-of-shift report 06 Mar '17

06 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-03-2017 18:00 − Montag 06-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** 25 Jahre Michelangelo: Der Tag der großen Virenpanik *** --------------------------------------------- Am 6. März 1992 hielt die Welt den Atem an. An diesem Tag sollte der Michelangelo-Virus Tausende, wenn nicht gar Millionen Festplatten löschen. Zum 25. Jahrestag beleuchtet c't die Geschichte des berüchtigten Virus. --------------------------------------------- https://heise.de/-3643630 *** Attacking machine learning with adversarial examples *** --------------------------------------------- Conclusion Adversarial examples show that many modern machine learning algorithms can be broken in surprising ways. These failures of machine learning demonstrate that even simple algorithms can behave very differently from what their designers intend. We encourage machine learning researchers to get involved and design methods for preventing adversarial examples, in order to close this gap between what designers intend and how algorithms behave. If youre interested in working on adversarial... --------------------------------------------- https://openai.com/blog/adversarial-example-research/ *** Lets Act Now to Prevent Hacking of the Power Grid *** --------------------------------------------- Standards, guidelines and exercises have bolstered the security of high-voltage networks but little has been done to protect the low-voltage systems that power our homes and workplaces. --------------------------------------------- http://europe.newsweek.com/lets-act-now-prevent-hacking-power-grid-563609 *** DFIR Tools *** --------------------------------------------- Over 600 DFIR tools in an online searchable database. --------------------------------------------- http://www.dfir.training/index.php/tools/advanced-search *** Uber Uses Ubiquitous Surveillance to Identify and Block Regulators *** --------------------------------------------- The New York Times reports that Uber developed apps that identified and blocked government regulators using the app to find evidence of illegal behavior:Yet using its app to identify and sidestep authorities in places where regulators said the company was breaking the law goes further in skirting ethical lines -- and potentially legal ones, too. Inside Uber, some of those who knew about the VTOS program and how the Greyball tool was being used were troubled by it.[...]One method involved... --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/uber_uses_ubiqu.html *** Western Digital My Cloud: NAS-Gerät macht jeden zum Admin *** --------------------------------------------- Western Digital hat in der Hackerszene nicht den Ruf, Schwachstellen schnell zu beheben. Sicherheitslücken, die den Login-Vorgang und die Ausführung von Code betreffen, wurden daher ohne Responsible Disclosure veröffentlicht - damit die Nutzer handeln können. --------------------------------------------- https://www.golem.de/news/western-digital-my-cloud-nas-geraet-macht-jeden-z… *** Nextcloud-Scan: Security-Prüfung für Cloud-Speicher *** --------------------------------------------- Zwei Drittel der öffentlich erreichbaren Installation von ownCloud oder dessen Fork Nextcloud sind angreifbar. Ob die eigene Instanz betroffen ist, können Anwender auf einer Website überprüfen. --------------------------------------------- https://heise.de/-3645045 *** MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward attack via IoT botnet *** --------------------------------------------- In this post there is no malicious software/malware analyzed, but this is one of the impact of the malware infected IoT devices caused by weak credentials are described indirectly. The only malicious aspect written in the post is the individual(s) involved and participate to these attacks, and, well, I personally do not think the tool used is also malicious too since. in a way, it is very useful for UNIX networking and development. --------------------------------------------- http://blog.malwaremustdie.org/2017/02/mmd-0062-2017-ssh-direct-tcp-forward… *** Security Advisory - Arbitrary Memory Read Write Vulnerability in Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170306-… *** Vuln: EPSON TMNet WebConfig CVE-2017-6443 Multiple HTML Injection Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96556 *** Vuln: FreeIPA CVE-2017-2590 Multiple Security Bypass Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96557 *** [R3] SecurityCenter 5.4.4 Fixes File Upload unserialize() Function PHP Object Handling Remote File Deletion *** --------------------------------------------- Advisory Timeline 2017-02-17 - [R1] Initial Release 2017-02-28 - [R2] Adjust CVSS for worst-case scenario (AV:A -> AV:N) 2017-03-03 - [R3] Add SC upgrade information --------------------------------------------- https://www.tenable.com/security/tns-2017-05 *** Vuln: Piwik Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96567 *** keepassxc / zxcvbn-c One byte stack buffer overflow *** --------------------------------------------- Topic: keepassxc / zxcvbn-c One byte stack buffer overflow Risk: High Text:Hi, I recently reported a one byte buffer overflow in keepassxc [1] [2]. Its a pretty typical C bug: An array supposed to ... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017030044 *** DSA-3802 zabbix - security update *** --------------------------------------------- An SQL injection vulnerability has been discovered in the Latest datapage of the web frontend of the Zabbix network monitoring system --------------------------------------------- https://www.debian.org/security/2017/dsa-3802 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSource GNU C library affects IBM Netezza Host Management (CVE-2015-8776) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997242 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313) *** http://www.ibm.com/support/docview.wss?uid=swg21999613 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-2177, CVE-2016-6306, CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999357 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in OpenLDAP (CVE-2015-6908) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999615 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999614 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data (CVE-2016-5894) *** http://www.ibm.com/support/docview.wss?uid=swg21997408 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 3-03-2017
by Daily end-of-shift report 03 Mar '17

03 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-03-2017 18:00 − Freitag 03-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** WhatsApp - Unsicher trotz Verschlüsselung *** --------------------------------------------- Die Einführung der Ende-zu-Ende-Verschlüsselung wurde von WhatsApp-Nutzern und Datenschützern sehr begrüßt. Dass es hierbei aber dennoch zu erheblichen Sicherheitsproblemen kommt, haben nun Forscher des Fraunhofer-Instituts für Angewandte und Integrierte Sicherheit AISEC herausgefunden. Betroffen sind vor allem Android-Nutzer. --------------------------------------------- https://www.aisec.fraunhofer.de/de/presse-und-veranstaltungen/presse/presse… *** Undocumented Backdoor Account in DBLTek GoIP *** --------------------------------------------- Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in... --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-A… *** Command Input Typo Caused Massive AWS S3 Outage *** --------------------------------------------- In a postmortem status report, Amazon blamed a command input typo for the massive AWS S3 outage that took out a large chunk of the Internet three days ago. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/hardware/command-input-typo-caused-ma… *** Malware Retrieves PowerShell Scripts from DNS Records *** --------------------------------------------- Malware researchers have come across a new Remote Access Trojan (RAT) that uses a novel technique to evade detection on corporate networks by fetching malicious PowerShell commands stored inside a domains DNS TXT records. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/malware-retrieves-powershell… *** January-February 2017 *** --------------------------------------------- The NCCIC/ICS-CERT Monitor for January/February 2017 is a summary of ICS-CERT activities for the previous two months. --------------------------------------------- https://ics-cert.us-cert.gov/monitors/ICS-MM201702 *** Lernkurve mit neuem Feed *** --------------------------------------------- Wir sammeln aus vielen Quellen Informationen zu Infektionen und anderen Sicherheitsproblemen im österreichischen Internet und geben diese an die Netzbetreiber weiter. Details dazu stehen in unserem Jahresbericht. Kürzlich haben wir eine neuen Anbieter in unser Portfolio aufgenommen, der unser Lagebild zu Infektionen verbessern sollte. Seit vorgestern verteilen wir Daten aus dieser Quelle. Wir bekamen von einigen Seiten Feedback, dass hier was... --------------------------------------------- http://www.cert.at/services/blog/20170303152402-1946.html *** IDM 4.5 SAP HR Driver Version 4.0.1.0 *** --------------------------------------------- Abstract: Patch update for the Identity Manager SAP HR driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 with SP2 or later to use this driver. You should only use this if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ/MicroFocus recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP HR driver for JCO3. Beginning with IDM 4.0 JCO2 is no longer supported.Document ID: 5258492Security Alert: --------------------------------------------- https://download.novell.com/Download?buildid=KbKm3O1mw4M~ *** VMSA-2017-0002 *** --------------------------------------------- Horizon DaaS update addresses an insecure data validation issue --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0002.html *** Vuln: Rapid7 Insight Collector CVE-2017-5234 DLL Loading Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96545 *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in Network Security Services (NSS) (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998918 *** Eaton xComfort Ethernet Communication Interface *** --------------------------------------------- This advisory contains mitigation details for an improper access controls vulnerability in the Eaton xComfort Ethernet Communication Interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01 *** Schneider Electric Conext ComBox *** --------------------------------------------- This advisory contains mitigation details for a resource exhaustion vulnerability in Schneider Electric's Conext ComBox solar battery monitor. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-061-02

1 0

Tageszusammenfassung - Donnerstag 2-03-2017
by Daily end-of-shift report 02 Mar '17

02 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 01-03-2017 18:00 − Donnerstag 02-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Kaspersky Releases Decryptor for the Dharma Ransomware *** --------------------------------------------- Kaspersky has tested a set of Dharma master decryption keys posted to BleepingComputer and has confirmed they are legitimate. These keys have been included in their RakhniDecryptor, which I have tested against a Dharma infection. The decryptor worked flawlessly! [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor… *** The Story of an Expired WHOIS Server *** --------------------------------------------- We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with "WHOIS", it is a protocol used to check who owns a specific domain name. These simple text records are publicly available and usually contain contact details for the website owner, i.e. their name, address, and phone number (unless the website owner purchased a WHOIS... --------------------------------------------- https://blog.sucuri.net/2017/03/story-expired-whois-server.html *** Infected Apps in Google Play Store (its not what you think), (Thu, Mar 2nd) *** --------------------------------------------- Xavier pointed me towards a new issue posted on Palo Altos Unit 42 blog - the folks at PA found apps in the Google Play store infected with hidden-iframe type malware. 132 apps (so far) are affected, with the most popular one seeing roughly 10,000 downloads. But were not at the end of the trail of breadcrumbs yet .. these apps were traced back to just 7 developers, who arent in the same company, but all have a connection to Indonesia (the smoking gun here was the code signing certificate). But... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22139&rss *** Researcher Breaks reCAPTCHA Using Googles Speech Recognition API *** --------------------------------------------- A researcher has discovered what he calls a "logic vulnerability" that allowed him to create a Python script that is fully capable of bypassing Googles reCAPTCHA fields using another Google service, the Speech Recognition API. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/researcher-breaks-recaptcha-… *** Crypt0L0cker Ransomware is Back with Campaigns Targeting Europe *** --------------------------------------------- Crypt0L0cker, otherwise known as TorrentLocker, has started to make resurgence as it performs targeted campaigns at European countries. These attacks are also now using Italys PEC system to digitaly sign SPAM emails in order to make them look more official. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/crypt0l0cker-ransomware-is-b… *** Security Advisory - Buffer Overflow Vulnerability in the Boot Loaders of Huawei Mobile Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170302-… *** DSA-3799 imagemagick - security update *** --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Variousmemory handling problems and cases of missing or incomplete inputsanitising may result in denial of service or the execution of arbitrarycode if malformed TIFF, WPG, IPL, MPC or PSB files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3799 *** AES - Critical - Unsupported - SA-CONTRIB-2017-027 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-027Project: AES encryption (third-party module)Version: 7.x, 8.xDate: 2017-March-01DescriptionThis module provides an API that allows other modules to encrypt and decrypt data using the AES encryption algorithm.The module does not follow requirements for encrypting data safely. An attacker who gains access to data encrypted with this module could decrypt it more easily than should be possible. The maintainer has opted not to fix these weaknesses. See solution... --------------------------------------------- https://www.drupal.org/node/2857028 *** Remember Me - Critical - Unsupported - SA-CONTRIB-2017-025 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-025Project: Remember Me (third-party module)Version: 7.xDate: 2017-March-01Description Remember me is a module that allows users to check "Remember me" when logging in. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466CVE identifier(s) issuedA CVE identifier will... --------------------------------------------- https://www.drupal.org/node/2857015 *** Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-028Project: breakpoint panels (third-party module)Version: 7.xDate: 2017-March-01Description Breakpoint panels adds a button to the Panels In-Place Editor for each pane. When selected, it will display checkboxes next to all of the breakpoints specified in that modules UI. Unchecking any of these will hide it from that breakpoint. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by... --------------------------------------------- https://www.drupal.org/node/2857073 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to missing authentication checks (CVE-2016-9729) *** http://www.ibm.com/support/docview.wss?uid=swg21999545 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to SQL injection (CVE-2016-9728) *** http://www.ibm.com/support/docview.wss?uid=swg21999543 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to cross site scripting (CVE-2016-9723, CVE-2017-1133) *** http://www.ibm.com/support/docview.wss?uid=swg21999534 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to cross-site request forgery (CVE-2016-9730) *** http://www.ibm.com/support/docview.wss?uid=swg21999549 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML Entity Injection (CVE-2016-9724) *** http://www.ibm.com/support/docview.wss?uid=swg21999537 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to OS command injection (CVE-2016-9726, CVE-2016-9727) *** http://www.ibm.com/support/docview.wss?uid=swg21999542 --------------------------------------------- *** IBM Security Bulletin: Malicious File Download vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) CVE-2016-9693 *** https://www-01.ibm.com/support/docview.wss?uid=swg21998655 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-7053, CVE-2016-7054, CVE-2016-7055) *** http://www.ibm.com/support/docview.wss?uid=swg21998755 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ administration command could cause denial of service (CVE-2016-8971) *** https://www-01.ibm.com/support/docview.wss?uid=swg21998663 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970) *** http://www.ibm.com/support/docview.wss?uid=swg21999185 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Express for UNIX (CVE-2016-7055, CVE-2017-3731 and CVE-2017-3732) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999470 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark *** http://www.ibm.com/support/docview.wss?uid=swg21999561 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio *** http://www-01.ibm.com/support/docview.wss?uid=swg21999668 --------------------------------------------- *** IBM Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection (CVE-2017-1124) *** http://www.ibm.com/support/docview.wss?uid=swg21998053 --------------------------------------------- *** IBM Security Bulletin: Mozilla NSS as used in IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2016-2834) *** http://www.ibm.com/support/docview.wss?uid=swg21999532 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a denial of service (CVE-2016-9740) *** http://www.ibm.com/support/docview.wss?uid=swg21999556 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to information exposure (CVE-2016-9720) *** http://www.ibm.com/support/docview.wss?uid=swg21999533 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to overly permissive CORS access policies (CVE-2016-9725) *** http://www.ibm.com/support/docview.wss?uid=swg21999539 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 1-03-2017
by Daily end-of-shift report 01 Mar '17

01 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 28-02-2017 18:00 − Mittwoch 01-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Dridex Becomes First Malware Family to Integrate AtomBombing Technique *** --------------------------------------------- Bad news from malware-land after security researchers from IBM reported today theyd discovered the first samples of version 4.0 of the infamous and highly-active Dridex banking trojan. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware… *** Android: Passwort-Manager mit Sicherheitslücken *** --------------------------------------------- Passwort-Manager verwalten auf Smartphones diverse Zugangsdaten. Das ist zwar praktisch - doch nicht immer sind die Daten auch sicher verwahrt, wie das Frauenhofer SIT herausfand. Einige der untersuchten Apps wiesen gravierende Mängel auf. --------------------------------------------- https://heise.de/-3640040 *** Botnets *** --------------------------------------------- Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down.But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the "Internet of... --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/botnets.html *** BSI legt Grundstein für Prüfungen gemäß IT-Sicherheitsgesetz *** --------------------------------------------- Betreiber kritischer Infrastruktur müssen sich zukünftig regelmäßig prüfen lassen und dabei nachweisen, Sicherheitsvorkehrungen gemäß dem Stand der Technik vorgenommen zu haben. Die ersten Schulungen für Prüfer machen klar, was das konkret bedeutet. --------------------------------------------- https://heise.de/-3632463 *** Wir werden alle an der Cloud verbluten .. oder so *** --------------------------------------------- http://www.cert.at/services/blog/20170301112306-1918.html *** [2017-03-01] XXE and XSS vulnerabilities in Aruba AirWave *** --------------------------------------------- The authenticated XXE and reflected XSS vulnerabilities were found in Aruba AirWave versions prior to 8.2.3.1. The XXE flaw can be exploited by either a low-privileged user or a social engineering attack which could allow an attacker to read sensitive files on the system. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** DFN-CERT-2017-0362: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0362/ *** SSA-934525 (Last Update 2017-03-01): Vulnerability in SINUMERIK Integrate *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525… *** SSA-701708 (Last Update 2017-03-01): Local Privilege Escalation in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708… *** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise (SSFE) 3.2 *** --------------------------------------------- Trend Micro has released a new build for Trend Micro SafeSync for Enterprise (SSFE) 3.2. This fix resolves multiple vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations. --------------------------------------------- https://success.trendmicro.com/solution/1116749 *** Cisco Prime Infrastructure Cross-Site Scripting Vulnerability *** --------------------------------------------- A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. There are no workarounds that address this vulnerability. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition.The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data... --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718) *** --------------------------------------------- A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. CVE(s): CVE-2016-0718 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances, all firmware versions. IBM Security Access Manager for Web 8.0 appliances, all firmware versions. IBM Security Access Manager for Mobile 8.0 appliances, all... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998991 *** IBM Security Bulletin: Tivoli Storage Manger (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940) *** --------------------------------------------- Tivoli Storage Manager (IBM Spectrum Protect) SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. CVE(s): CVE-2016-8940 Affected product(s) and affected version(s): This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels: 7.1.0.0 through 7.1.7.0 6.3.0.0 through 6.3.6.0 6.2, 6.1, and 5.5 all levels (these releases... --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21998946 *** Novell Patches *** --------------------------------------------- *** iManager 3.0.2.1 *** https://download.novell.com/Download?buildid=z_UnDt0kYyM~ --------------------------------------------- *** eDirectory 8.8 SP8 Patch 9 HotFix 2 *** https://download.novell.com/Download?buildid=KcXKGUw7GSg~ --------------------------------------------- *** eDirectory 9.0.2 Hot Fix 2 *** https://download.novell.com/Download?buildid=dRl85TKqwOE~ --------------------------------------------- *** iManager 2.7 Support Pack 7 - Patch 9 *** https://download.novell.com/Download?buildid=v_njeFs4biE~ ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 28-02-2017
by Daily end-of-shift report 28 Feb '17

28 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 27-02-2017 18:00 − Dienstag 28-02-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Mac-AV-Software ermöglichte Einschleusen von Schadcode *** --------------------------------------------- Eine unzureichende Absicherung bei der Lizenzprüfung von Eset Endpoint Antivirus für macOS ermöglichte es einem Angreifer, beliebigen Code mit Root-Rechten auszuführen. Die als kritisch eingestufte Sicherheitslücke wurde inzwischen behoben. --------------------------------------------- https://heise.de/-3638786 *** MongoDB: Sprechender Teddy teilte alle Daten mit dem Internet *** --------------------------------------------- Spielzeug aus der Cloudpets-Reihe zeichnet die Stimmen der Kinder auf. Wem das nicht schon zu creepy ist, der dürfte sich spätestens über die offene MongoDB-Datenbank aufregen. 800.000 Nutzer mit über 2 Millionen Sprachsamples sind betroffen. (Spielzeug, Datenschutz) --------------------------------------------- https://www.golem.de/news/mongodb-sprechender-teddy-teilte-alle-daten-mit-d… *** Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs *** --------------------------------------------- A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a websites database. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-di… *** Decrypting after a Findzip ransomware infection *** --------------------------------------------- The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, thats not quite true. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip… *** Guidelines on Incident Notification for Digital Service Providers *** --------------------------------------------- ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/guidelines-on-incident-notifica… *** DFN-CERT-2017-0355: TYPO3: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe und das Umgehen von Sichherheitsvorkehrungen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0355/ *** DFN-CERT-2017-0340: Red Hat Package Manager (RPM): Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0340/ *** SAP BusinessObjects Financial Consolidation Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037910 *** VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users *** --------------------------------------------- Vulnerability Note VU#742632 Sage XRT Treasury database fails to properly restrict access to authorized users Original Release date: 28 Feb 2017 | Last revised: 28 Feb 2017 Overview Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183Sage XRT Treasury is a business finance... --------------------------------------------- http://www.kb.cert.org/vuls/id/742632 *** DFN-CERT-2017-0356: ktnef: Eine Schwachstelle ermöglicht u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0356/ *** Bugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org *** --------------------------------------------- http://www.securityfocus.com/archive/1/540180 *** VTS17-003: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance *** --------------------------------------------- https://www.veritas.com/content/support/en_US/security/VTS17-003.html *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2017 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg21998379 --------------------------------------------- *** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) *** http://www.ibm.com/support/docview.wss?uid=swg21998885 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993846&myns=swgtiv&mynp=… --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller *** http://www-01.ibm.com/support/docview.wss?uid=swg21983083 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427) *** http://www-01.ibm.com/support/docview.wss?uid=swg21983082 --------------------------------------------- *** IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products *** http://www.ibm.com/support/docview.wss?uid=swg21993794 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller. *** http://www-01.ibm.com/support/docview.wss?uid=swg21977636 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195) *** http://www-01.ibm.com/support/docview.wss?uid=swg21976531 --------------------------------------------- *** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999478 --------------------------------------------- *** IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999395 --------------------------------------------- *** IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050) *** http://www.ibm.com/support/docview.wss?uid=swg21999474 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879) *** http://www.ibm.com/support/docview.wss?uid=swg21997341 --------------------------------------------- *** IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) *** http://www.ibm.com/support/docview.wss?uid=swg21997340 --------------------------------------------- *** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999488 --------------------------------------------- *** IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVEs *** http://www.ibm.com/support/docview.wss?uid=swg21999479 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 27-02-2017
by Daily end-of-shift report 27 Feb '17

27 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 24-02-2017 18:00 − Montag 27-02-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Project Zero: Erneut ungepatchter Microsoft-Bug veröffentlicht *** --------------------------------------------- Project Zero meint es ernst: Zum dritten Mal innerhalb weniger Monate gibt es einen Bugreport ohne Patch von Microsoft. Dieses Mal handelt es sich um einen Type-Confusion-Fehler in Internet Explorer und Edge. --------------------------------------------- https://www.golem.de/news/project-zero-erneut-ungepatchter-microsoft-bug-ve… *** DFN-CERT-2017-0348: Microsoft Internet Explorer, Microsoft Edge: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer, welcher einen Benutzer zum Besuch einer bösartig manipulierten Webseite verleiten kann, kann die Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Zustand zu bewirken oder beliebigen Programmcode zur Ausführung zu bringen. Diese Schwachstelle wird von dem Google Projekt Zero veröffentlicht, da der Zeitraum, der dem Hersteller zum Beheben der Schwachstelle eingeräumt wurde (90 Tage), abgelaufen ist. Ein Sicherheitsupdate steht derzeit noch nicht zur Verfügung. Ein Proof-of-Concept zur Ausnutzung der Schwachstelle ist ebenfalls verfügbar. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0348/ *** Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th) *** --------------------------------------------- The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in raresituations, a bug in Cloudflares edge servers could be triggered, which would cause a buffer overrun to occur. When these buffer overruns occurred, random data would be returned in the replies from the Cloudflare servers. This data would be data from any of Cloudflares customer... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22113&rss *** Zahlungsverkehr: Swift verlangt bessere Cyberabwehr *** --------------------------------------------- Im Kampf gegen Cyberkriminelle verlangt das Zahlungsverkehrssystem Swift größere Anstrengungen seitens der angeschlossenen Banken. --------------------------------------------- https://futurezone.at/b2b/zahlungsverkehr-swift-verlangt-bessere-cyberabweh… *** DSA-3795 bind9 - security update *** --------------------------------------------- It was discovered that a maliciously crafted query can cause ISCsBIND DNS server (named) to crash if both Response Policy Zones (RPZ)and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. Itis uncommon for both of these options to be used in combination, sovery few systems will be affected by this problem in practice. --------------------------------------------- https://www.debian.org/security/2017/dsa-3795 *** SHA1 Collision Attack Makes Its First Victim: Subversion Repositories *** --------------------------------------------- It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-… *** DSA-3796 apache2 - security update *** --------------------------------------------- Several vulnerabilities were discovered in the Apache2 HTTP server. --------------------------------------------- https://www.debian.org/security/2017/dsa-3796 *** More on Bluetooth Ingenico Overlay Skimmers *** --------------------------------------------- This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. Im revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers. --------------------------------------------- https://krebsonsecurity.com/2017/02/more-on-bluetooth-ingenico-overlay-skim… *** Gefälschte Oberbank-Nachricht: Konto gesperrt! *** --------------------------------------------- Kund/innen erhalten scheinbar eine E-Mail der Oberbank. Darin heißt es, dass es zu einem nicht autorisierten Zugriff auf ihr Konto gekommen sei. [...] Es handelt sich um einen Phishingversuch! --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-oberbank-nachricht-k… *** Cyber extortionists hold MySQL databases for ransom *** --------------------------------------------- Ransomware has become cyber crooks' favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware. Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they've set MySQL databases in their sights. According to... --------------------------------------------- https://www.helpnetsecurity.com/2017/02/27/mysql-databases-ransom/ *** Security products and HTTPS: lets do it better *** --------------------------------------------- A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether? --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/02/security-products-and-https-… *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: Slowloris denial-of-service attack vulnerability CVE-2007-6750 *** https://support.f5.com:443/kb/en-us/solutions/public/12000/600/sol12636.htm… --------------------------------------------- *** Security Advisory: Linux kernel vulnerability CVE-2016-9555 *** https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54095660.html?… --------------------------------------------- *** Security Advisory: Expat XML library vulnerability CVE-2015-2716 *** https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50459349.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8688 *** https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35263486.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8689 *** https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52697522.html?… --------------------------------------------- *** Security Advisory: libarchive vulnerability CVE-2016-8687 *** https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13074505.html?… --------------------------------------------- *** Security Advisory: Linux kernel vulnerability CVE-2016-4998 *** https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74171196.html?… --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2017-3732 *** https://support.f5.com:443/kb/en-us/solutions/public/k/44/sol44512851.html?… --------------------------------------------- *** Security Advisory: F5 TLS vulnerability CVE-2016-9244 *** https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05121675.html?… --------------------------------------------- *** Security Advisory: PHPMailer vulnerability CVE-2016-10045 *** https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73926196.html?… --------------------------------------------- *** Security Advisory: BIG-IP REST vulnerability CVE-2016-6249 *** https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12685114.html?… --------------------------------------------- *** Security Advisory: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337 *** https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59836191.html?… --------------------------------------------- *** Security Advisory: perl-XML-Twig vulnerability CVE-2016-9180 *** https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08383757.html?… --------------------------------------------- *** Security Advisory: OpenSSL vulnerability CVE-2017-3731 *** https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37526132.html?… --------------------------------------------- *** Security Advisory: BIND vulnerability CVE-2017-3135 *** https://support.f5.com:443/kb/en-us/solutions/public/k/80/sol80533167.html?… --------------------------------------------- *** Security Advisory: libxml2 vulnerability CVE-2015-8806 *** https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04450715.html?… --------------------------------------------- *** Security Advisory: GnuTLS vulnerability CVE-2017-5334 *** https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31336596.html?… --------------------------------------------- *** Security Advisory: iControl vulnerability CVE-2016-9256 *** https://support.f5.com:443/kb/en-us/solutions/public/k/47/sol47284724.html?… --------------------------------------------- *** Security Advisory: TMM vulnerability CVE-2016-9245 *** https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22216037.html?… ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 24-02-2017
by Daily end-of-shift report 24 Feb '17

24 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-02-2017 18:00 − Freitag 24-02-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Kriminelle versenden gefälschte BAWAK P.S.K.-SMS *** --------------------------------------------- In einer gefälschten BAWAG P.S.K.-SMS heißt es, dass die Bank das Konto von Kund/innen gesperrt habe. Damit diese ihr Konto wieder aktivieren können, sollen sie eine Website aufurfen und ihre Zugangsdaten bekannt geben. Achtung: Es handelt sich um einen Phishingversuch. Am besten ist es, wenn Sie die SMS löschen. --------------------------------------------- https://www.watchlist-internet.at/phishing/kriminelle-versenden-gefaelschte… *** Worlds Largest Spam Botnet Adds DDoS Feature *** --------------------------------------------- Necurs, the worlds largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-a… *** Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities *** --------------------------------------------- Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-… *** Bleeding clouds: Cloudflare server errors blamed for leaked customer data *** --------------------------------------------- While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials.Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said.The problem on Cloudflares side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw --------------------------------------------- http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflar… *** Leaked Android Banking Trojan Spotted in Disguise on the Google Play Store *** --------------------------------------------- Just as security experts have predicted, the source code of a potent Android banking trojan that was leaked online in mid-December 2016, is now being seen in live attacks on a regular basis. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/leaked-android-banking-troja… *** LibreOffice Calc and Writer Embedded Object Preview Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037893 *** [Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe *** --------------------------------------------- A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation. --------------------------------------------- https://lists.xen.org/archives/html/xen-announce/2017-02/msg00004.html *** [Xen-announce] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages *** --------------------------------------------- A malicious or buggy guest may corrupt hypervisor state, commonly leading to a host crash (Denial of Service). Privilege escalation or information leaks cannot be excluded. --------------------------------------------- https://lists.xen.org/archives/html/xen-announce/2017-02/msg00005.html *** Novell: NetIQ Access Manager 4.3 Support Pack 1 4.3.1.0-53 *** --------------------------------------------- The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.3 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, Analytics Server and Admin Console. CVE - 20145183 --------------------------------------------- https://download.novell.com/Download?buildid=30pOHdA3ETQ~ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time *** https://www.ibm.com/support/docview.wss?uid=swg21997192 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition *** https://www.ibm.com/support/docview.wss?uid=swg21997194 --------------------------------------------- *** IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998385 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology *** http://www-01.ibm.com/support/docview.wss?uid=swg21999362 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645) *** http://www.ibm.com/support/docview.wss?uid=swg21998196 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983) *** http://www.ibm.com/support/docview.wss?uid=swg21996871 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty *** http://www.ibm.com/support/docview.wss?uid=swg21999209 --------------------------------------------- *** IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932) *** http://www.ibm.com/support/docview.wss?uid=swg21998294 --------------------------------------------- *** IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) *** http://www.ibm.com/support/docview.wss?uid=swg21996869 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilites in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred *** http://www.ibm.com/support/docview.wss?uid=swg21997638 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 23-02-2017
by Daily end-of-shift report 23 Feb '17

23 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-02-2017 18:00 − Donnerstag 23-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Criminals Monetizing Attacks Against Unpatched WordPress Sites *** --------------------------------------------- Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit. --------------------------------------------- http://threatpost.com/criminals-monetizing-attacks-against-unpatched-wordpr… *** MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite *** --------------------------------------------- In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/22/msrt-february-2017-chuc… *** Top 8 Reverse Engineering Tools for Cyber Security Professionals *** --------------------------------------------- Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, build a copy to improve it, is known as reverse engineering. --------------------------------------------- http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber… *** Impact of New Linux Kernel DCCP Vulnerability Limited *** --------------------------------------------- Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks. --------------------------------------------- http://threatpost.com/impact-of-new-linux-kernel-dccp-vulnerability-limited… *** Java, Python FTP Injection Attacks Bypass Firewalls *** --------------------------------------------- Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. --------------------------------------------- http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/12… *** Kollissionsangriff: Hashfunktion SHA-1 gebrochen *** --------------------------------------------- Forscher von Google und der Universität Amsterdam ist es gelungen, zwei unterschiedliche PDF-Dateien mit demselben SHA-1-Hash zu erzeugen. Dass SHA-1 unsicher ist, war bereits seit 2005 bekannt. (SHA-1, Google) --------------------------------------------- https://www.golem.de/news/kollissionsangriff-hashfunktion-sha-1-gebrochen-1… *** Putty 0.68 released *** --------------------------------------------- http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998) *** http://www.ibm.com/support/docview.wss?uid=swg21998747 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998647 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997472 --------------------------------------------- *** IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995099 --------------------------------------------- *** IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH) *** http://www.ibm.com/support/docview.wss?uid=swg21998714 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998797 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 22-02-2017
by Daily end-of-shift report 22 Feb '17

22 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-02-2017 18:00 − Mittwoch 22-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Avast Releases a Decryptor for Offline Versions of the CryptoMix Ransomware *** --------------------------------------------- Today, Avast released a decryptor for CryptoMix victims that were encrypted while in offline mode. Offline mode is when the ransomware runs and encrypts a victims computer while there is no Internet connection or the computer cannot connect to the ransomwares Command & Control server. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/avast-releases-a-decryptor-f… *** [R1] Nessus 6.10.2 Fixes One Vulnerability *** --------------------------------------------- Nessus was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g. after a reboot). This issue only affects installations on Windows. --------------------------------------------- http://www.tenable.com/security/tns-2017-06 *** Financial cyberthreats in 2016 *** --------------------------------------------- In 2016 we continued our in-depth research into the financial cyberthreat landscape. Weve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations - such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. --------------------------------------------- http://securelist.com/analysis/publications/77623/financial-cyberthreats-in… *** Microsoft patcht Flash Player unter Windows außer der Reihe *** --------------------------------------------- Diesen Monat ist der Patchday trotz bekannter Sicherheitslücken in Windows ausgefallen. Nun liefert Microsoft zumindest Patches für kritische Lücken im Flash Player nach. --------------------------------------------- https://heise.de/-3632329 *** Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes *** --------------------------------------------- The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-11073) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2699. --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170222-… *** Website Uses "Add Extension to Leave" Popups to Infect Chrome Users *** --------------------------------------------- A malvertising campaign has specifically targeted and redirected Chrome users to a website they couldnt leave unless they agreed to install a rogue Chrome extension. --------------------------------------------- https://www.bleepingcomputer.com/news/security/website-uses-add-extension-t… *** Apple: Logic Pro X 10.3.1 *** --------------------------------------------- Impact: Opening a maliciously crafted GarageBand project file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. --------------------------------------------- https://support.apple.com/en-us/HT207519 *** Sysinternals Updates *** --------------------------------------------- Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21 --------------------------------------------- https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v… *** RSA Conference 2017 Playlist *** --------------------------------------------- https://www.youtube.com/playlist?list=PLeUGLKUYzh_j1Q75yeae8upX-T1FLmZWf *** Gefälschte A1-Rechnung verbreitet Schadsoftware *** --------------------------------------------- Kriminelle wollen mit einer scheinbar echten A1-Rechnung Schadsoftware auf fremden Computern hinterlegen. Damit sie das Ziel erreichen, fordern sie Empfänger/innen dazu auf, dass sie die angebliche Rechnung auf einer gefälschten A1-Website herunterladen. Wer die gefälschte Zahlungsaufstellung öffnet, installiert einen Trojaner. Er verschlüsselt Dateien und macht sie unbrauchbar. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec… *** Mobile Devices und Softwareupdates *** --------------------------------------------- Mobile Devices bestimmen in unserer modernen Gesellschaft zunehmend den Alltag. Das Lesen von Emails oder das Online-Banking: alltägliche Anwendungen werden immer öfter mit einem mobilen Endgerät umgesetzt, privat oder beruflich. Waren es bis vor kurzem nur Smartphones, welche das Handy abgelöst haben, oder Tablet-Computer, die ursprünglich als Bücher-Ersatz gedacht waren, so folgen heute beispielsweise die Uhr, die Brille, das Auto und viele mehr. --------------------------------------------- https://www.dfn-cert.de/aktuell/mobile_devices_software_updates.html *** SSA-363881 (Last Update 2017-02-22): Web Vulnerabilities in RUGGEDCOM NMS *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881… *** SSA-623229 (Last Update 2017-02-22): DROWN Vulnerability in Industrial Products *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Mutiple vulnerabilities in zlib affect IBM ILOG CPLEX Optimization Studio *** http://www.ibm.com/support/docview.wss?uid=swg21997946 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Brocade Network Advisor affect IBM PureApplication System. *** http://www.ibm.com/support/docview.wss?uid=swg21998725 --------------------------------------------- *** IBM Security Bulletin: Potential cross-site scripting in the Admin Console for WebSphere Application Server (CVE-2016-8934) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992315 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054) *** http://www-01.ibm.com/support/docview.wss?uid=swg21992651 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 21-02-2017
by Daily end-of-shift report 21 Feb '17

21 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-02-2017 18:00 − Dienstag 21-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Joomla Security - Pornography Spam Campaign in the Wild *** --------------------------------------------- One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet, or even a porn dump. Those unwanted keywords are a result of Search Engine Poisoning (SEP) attacks. This blackhat SEO technique is used by attackers to take advantage of your rankings on Search Engine Result Pages (SERPs). --------------------------------------------- https://blog.sucuri.net/2017/02/joomla-security-pornography-spam-campaign-i… *** Hardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th) *** --------------------------------------------- Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails. In short: It is possible to trick the application to connect to an FTP server, but since mail servers tend to be forgiving enough, they will just accept e-mail if you use the FTP client to connect to port 25 on a mail server. The mail server will of course initially see the USER and PASS commands, but it will ignore them. Initially, I considered thisa lesser issue. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22086&rss *** New(ish) Mirai Spreader Poses New Risks *** --------------------------------------------- A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices. This is not the case. Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant. So let's make a level-headed assessment of what is really out there. --------------------------------------------- https://securelist.com/blog/research/77621/newish-mirai-spreader-poses-new-… *** Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation *** --------------------------------------------- A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain ... --------------------------------------------- https://support.citrix.com/article/CTX220329 *** DFN-CERT-2017-0317: Xen, QEMU: Eine Schwachstelle ermöglicht u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- Ein einfach authentifizierter Angreifer im benachbarten Netzwerk mit erweiterten Privilegien (Guest Administator) kann auf Speicher außerhalb von Speichergrenzen zugreifen (Out-of-Bounds Access) und dadurch einen Denial-of-Service (DoS)-Angriff durchführen oder möglicherweise beliebigen Programmcode zur Ausführung bringen. Die Schwachstelle betrifft QEMU in allen Versionen von Xen. Es stehen Sicherheitsupdates zur Verfügung. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0317/ *** Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks *** --------------------------------------------- There are multiple issues and attack scenarios that Caballero discovered, but fortunately, they only affect Internet Explorer 11, but not Edge, or browsers from other vendors. --------------------------------------------- https://www.bleepingcomputer.com/news/security/unstoppable-javascript-attac… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ invalid requests cause denial of service to MQXR listener (CVE-2016-8986) *** http://www.ibm.com/support/docview.wss?uid=swg21998648 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Invalid channel protocol flows cause denial of service on HP-UX (CVE-2016-8915) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998649 --------------------------------------------- *** IBM Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999040 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-3092, CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998590 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Java clients might send a password in clear text (CVE-2016-3052) *** http://www.ibm.com/support/docview.wss?uid=swg21998660 --------------------------------------------- *** IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998661 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 20-02-2017
by Daily end-of-shift report 20 Feb '17

20 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-02-2017 18:00 − Montag 20-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Android for Work Security Containers Bypassed with Relative Ease *** --------------------------------------------- Mobile security experts from Skycure have found two methods for bypassing the security containers put around "Android for Work," allowing attackers to access business data saved in this seemingly secure environment. --------------------------------------------- https://www.bleepingcomputer.com/news/mobile/android-for-work-security-cont… *** Users Continue to Install Malware on Their Phone 5 Years After Adobe Discontinued Flash for Android *** --------------------------------------------- It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise. --------------------------------------------- https://www.bleepingcomputer.com/news/security/users-continue-to-install-ma… *** Google bellows bug news after Microsoft sails past fix deadline *** --------------------------------------------- Mess in Windows graphics library can give bad hombres access to memory Googles Project Zero has again revealed a Windows bug before Microsoft fixed it. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/20/google_proj… *** Mongoaudit Helps You Secure MongoDB Databases *** --------------------------------------------- A new tool developed by engineers at Stampery can help database administrators audit the security features of their current MongoDB installations, and take precautionary measures to prevent future exploitation. --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongoaudit-helps-you-secure-… *** BIOS/UEFI mit Ransomware infiziert *** --------------------------------------------- Sicherheitsforscher haben gezeigt, dass sich das BIOS/UEFI eines Computers trotz aktuellem Windows 10 und diversen aktivierten Sicherheitsmechanismen mit einem Erpressungstrojaner infizieren lässt. --------------------------------------------- https://heise.de/-3630662 *** Spam and phishing in 2016 *** --------------------------------------------- 2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall. --------------------------------------------- http://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-… *** SAP Security for Beginners. Part 6: SAP Risks Fraud *** --------------------------------------------- Welcome to the latest part of SAP Risks. After we finished with Espionage and Sabotage, let's eat the last piece of this "sweet cake" dubbed Fraud. In my opinion, fraud is the most common issue in ERP System and other business applications. --------------------------------------------- http://resources.infosecinstitute.com/sap-security-beginners-part-6-sap-ris… *** DFN-CERT-2017-0302: Suricata: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- Mehrere nicht näher spezifizierte Schwachstellen in Suricata ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe aufgrund von Speicherlecks und Lesezugriffen außerhalb zugewiesenen Speichers. Der Hersteller informiert über die Schwachstellen und stellt Suricata 3.2.1 zur Behebung dieser Schwachstellen bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0302/ *** tenable: [R1] SecurityCenter 5.4.3 File Upload unserialize() Function PHP Object Handling Remote File Deletion *** --------------------------------------------- SecurityCenter was found to use the PHP unserialize() function in several places in such a way that may allow a remote authenticated attacker to upload a crafted PHP object that resulted in the deletion of arbitrary files. --------------------------------------------- http://www.tenable.com/security/tns-2017-05 *** WordPress Security - Fake TrafficAnalytics Website Infection *** --------------------------------------------- Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. ... Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script. --------------------------------------------- https://blog.sucuri.net/2017/02/fake-trafficanalytics-website-infection.html *** Penetration Testing Tools Cheat Sheet *** --------------------------------------------- Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test. --------------------------------------------- https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: DOM-based cross-site scripting vulnerability affects IBM Advanced Management Module (AMM) for BladeCenter Systems *** http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2017-3731) *** http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-02-2017
by Daily end-of-shift report 17 Feb '17

17 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-02-2017 18:00 − Freitag 17-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Divide Between Work, Personal Data on Android Breached *** --------------------------------------------- Researchers demonstrate how malicious apps can break into secure Android work containers on EMM managed phones. --------------------------------------------- http://threatpost.com/divide-between-work-personal-data-on-android-breached… *** Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level *** --------------------------------------------- Medieval terror bastards not great at hacking says ex-top NSA lawyer RSA USA There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no .. --------------------------------------------- www.theregister.co.uk/2017/02/16/online_terrorism_isnt/ *** Mobile apps and stealing a connected car *** --------------------------------------------- The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile .. --------------------------------------------- http://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-… *** DSA-3790 spice - security update *** --------------------------------------------- https://www.debian.org/security/2017/dsa-3790 *** MQTT-Protokoll: IoT-Kommunikation von etwa Reaktoren und Gefängnissen öffentlich einsehbar *** --------------------------------------------- Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen mit ihren Servern – unverschlüsselt, ohne Frage nach Passwörtern. Hacker könnten nicht nur mitlesen, sondern Daten auch manipulieren. --------------------------------------------- https://heise.de/-3629650 *** Darknet-Drogenring in Braunau aufgeflogen *** --------------------------------------------- Die Hinweise auf den Suchtgifthandel kamen von Zollfahndung Frankfurt. Der Kopf der Bande befindet sich in Haft. --------------------------------------------- https://futurezone.at/digital-life/darknet-drogenring-in-braunau-aufgefloge… *** My Friend Cayla: Eltern müssen Puppen ihrer Kinder zerstören *** --------------------------------------------- Smartes Spielzeug wird vor allem von Datenschützern immer wieder kritisiert. In einem Fall greift die .. --------------------------------------------- https://www.golem.de/news/my-friend-cayla-eltern-muessen-puppen-ihrer-kinde… *** MQTT-Protokoll: IoT-Kommunikation von Reaktoren und Gefängnissen öffentlich einsehbar *** --------------------------------------------- Über das Telemetrie-Protokoll MQTT spricht eine unüberschaubare Zahl an IoT-Sensoren in etwa Autos und Flugzeugen .. --------------------------------------------- https://heise.de/-3629650 *** Gag Order: Riseup belebt den Kanarienvogel wieder *** --------------------------------------------- Nachdem Riseup seinen Warrant Canary im vergangenen Jahr nicht aktualisiert hatte, gab es viel Aufregung in der Szene. Jetzt gibt das Kollektiv bekannt: "Wir haben Nutzerdaten herausgegeben." Künftig soll das dank Verschlüsselung nicht mehr möglich sein. --------------------------------------------- https://www.golem.de/news/gag-order-riseup-belebt-den-kanarienvogel-wieder-… *** USB Killer now lets you fry most Lightning and USB-C devices for $55 *** --------------------------------------------- Plus a new, stealthy "anonymous" stick, because thats what the world really needed. --------------------------------------------- https://arstechnica.com/gadgets/2017/02/usb-killer-fry-lightning-usb-c-devi… *** Planning for an InfoSec Conference *** --------------------------------------------- I wasted many an early year going to InfoSec conferences and security events only to find them useless. Well, they werent totally useless, Id often come back with a bag full of goodies that more often than not included stress .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/planning-for-an-infose… *** SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers *** --------------------------------------------- SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference --------------------------------------------- http://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-o… *** VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for *** --------------------------------------------- APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also .. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/02/vb2016-paper-apt-reports-and…

1 0

Tageszusammenfassung - Donnerstag 16-02-2017
by Daily end-of-shift report 16 Feb '17

16 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-02-2017 18:00 − Donnerstag 16-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019 *** --------------------------------------------- https://www.drupal.org/node/2852937 *** Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016 *** --------------------------------------------- https://www.drupal.org/node/2852922 *** Who Ran Leakedsource.com? *** --------------------------------------------- Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection .. --------------------------------------------- https://krebsonsecurity.com/2017/02/who-ran-leakedsource-com/ *** Yahoo reveals more breachiness to users victimized by forged cookies *** --------------------------------------------- Some accounts may have been accessed with forged cookies as recently as 2016. --------------------------------------------- https://arstechnica.com/information-technology/2017/02/yahoo-reveals-more-b… *** DSA-3789 libevent - security update *** --------------------------------------------- Several vulnerabilities were discovered in libevent, an asynchronousevent notification library. They would lead to Denial Of Service via application crash, or remote code execution. --------------------------------------------- https://www.debian.org/security/2017/dsa-3789 *** Ukraine verzeichnet 2016 Rekordzahl von Cyberangriffen *** --------------------------------------------- Chef des Inlandsgeheimdienstes vermeidet direkte Nennung Russlands --------------------------------------------- http://derstandard.at/2000052700282 *** Microsoft verschiebt Februar-Patches in den März *** --------------------------------------------- Diesen Monat gibt es keine Sicherheitspatches von Microsoft. Die eigentlich geplanten Updates will das .. --------------------------------------------- https://heise.de/-3627965 *** Blackberry liefert monatliche Sicherheitsupdates für alle Geräte *** --------------------------------------------- Im November war Blackberry aus dem Tritt geraten, versprochene Sicherheitsupdates für das DTEK50 kamen erst im Dezember. Nun hat sich die Versorgung wieder stabilisiert. --------------------------------------------- https://heise.de/-3627937 *** OpenSSL advisory 20170216 *** --------------------------------------------- During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. --------------------------------------------- https://openssl.org/news/secadv/20170216.txt *** Google was aware of Russian APT28 group years before others *** --------------------------------------------- Lorenzo Bicchierai from MotherBoard shared an interesting private report about Russian cyber espionage operations conducted by APT28, the document was leaked online by Google. The .. --------------------------------------------- http://securityaffairs.co/wordpress/56336/apt/apt28-leaked-report.html *** Xen-Entwickler wollen weniger Sicherheitslücken offenlegen *** --------------------------------------------- Die Entwickler des Virtualisierungssystems Xen wollen weniger Sicherheitslücken öffentlich machen. Damit wollen sie vor allem Arbeit sparen, sorgen aber auch für eine klarere Linie im Umgang mit Schwachstellen. --------------------------------------------- https://heise.de/-3628690

1 0

Tageszusammenfassung - Mittwoch 15-02-2017
by Daily end-of-shift report 15 Feb '17

15 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-02-2017 18:00 − Mittwoch 15-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Amnesty International uncovers phishing campaign against human rights activists *** --------------------------------------------- Attacker targeted groups in Qatar, Nepal using extensive fake social media profile. --------------------------------------------- https://arstechnica.com/security/2017/02/amnesty-international-uncovers-phi… *** Siemens SIMATIC Authentication Bypass *** --------------------------------------------- This advisory contains mitigation details for an authentication bypass in Siemens SIMATIC. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-045-03 *** Attacking the Windows NVIDIA Driver *** --------------------------------------------- Modern graphic drivers are complicated and provide a large promising attack surface for EoPs and sandbox escapes from processes that have access to the GPU (e.g. the Chrome GPU process). In this blog post we’ll take a look at attacking the .. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/02/attacking-windows-nvidia-driv… *** Ransomware: a declining nuisance or an evolving menace? *** --------------------------------------------- The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/14/ransomware-2016-threat-… *** New ASLR-busting JavaScript is about to make drive-by exploits much nastier *** --------------------------------------------- A property found in virtually all modern CPUs neuters decade-old security protection. --------------------------------------------- https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-abo… *** Adobe-Patchday: Flash Player wie üblich in kritischem Zustand *** --------------------------------------------- Im Flash Player und Adobe Digital Editions klaffen kritische Lücken. Aktuell sind vor allem Windows-Nutzer von den Flash-Lücken bedroht. Adobe Campaign erhält ebenfalls Sicherheitsupdates. --------------------------------------------- https://heise.de/-3626386 *** Researchers Discover Self-Healing Malware That Targets Magento Stores *** --------------------------------------------- Dutch malware experts have found a new malware strain that targets online shops running on the Magento platform, .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/researchers-discover-self-he… *** Cisco: Zwei VPN-Lücken und eine Schwachstelle, die offiziell keine ist *** --------------------------------------------- Cisco hat Sicherheitslücken im AnyConnect-VPN und auf seinen ASA-Firewalls gestopft. Ein Sicherheitsproblem mit dem SMI-Protokoll, welches es aus der Ferne erlaubt, neue Betriebssystem-Images auf Switches zu laden, sieht die Firma allerdings nicht. --------------------------------------------- https://heise.de/-3627330 *** Are Windows Registry Fixers Safe? *** --------------------------------------------- Before I got into cybersecurity, I spent years as a technical support agent for Windows end users of Windstream, an American ISP. Although Windstream is an ISP, they also offered a general Windows client OS remote support service for their predominantly .. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/should-windows-users-b… *** Xagent: Russische Hackergruppe setzt auch auf Mac-Spionage-Software *** --------------------------------------------- Eine auf macOS abzielende Version der Malware Xagent stammt offenbar von der Hackergruppe APT28, die mit dem Angriff auf die Demokratische Partei im US-Wahlkampf in Verbindung gebracht wird. Xagent soll unter anderem iPhone-Backups entwenden. --------------------------------------------- https://heise.de/-3627630 *** Researchers trick CEO email scammer into giving up identity *** --------------------------------------------- Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.Researchers at Dell SecureWorks have documented how they identified a .. --------------------------------------------- http://www.cio.com/article/3170117/security/researchers-trick-ceo-email-sca…

1 0

Tageszusammenfassung - Dienstag 14-02-2017
by Daily end-of-shift report 14 Feb '17

14 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-02-2017 18:00 − Dienstag 14-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Shirebrook man arrested in connection to Sports Direct breach *** --------------------------------------------- A 27-year-old man has been arrested in connection with the hack of Sports .. --------------------------------------------- www.theregister.co.uk/2017/02/13/sports_direct_arrest/ *** A look into the Russian-speaking ransomware ecosystem *** --------------------------------------------- In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned. --------------------------------------------- http://securelist.com/analysis/publications/77544/a-look-into-the-russian-s… *** Top phishing targets in 2016? Google, Yahoo, and Apple *** --------------------------------------------- For every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies. Comparison of most impersonated companies .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/top-phishing-targets/ *** Metadata: The secret data trail *** --------------------------------------------- Every phone call, text message, even activated cell phones, leaves a trail of data across a network. In many cases this data is aggregated with other data and metadata including .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/metadata-secret-data-trail/ *** Worried about hacks, senators want info on Trump’s personal phone *** --------------------------------------------- Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate .. --------------------------------------------- http://www.cio.com/article/3169577/security/worried-about-hacks-senators-wa… *** 25% of web apps still vulnerable to eight of the OWASP Top Ten *** --------------------------------------------- 69 percent of web applications are plagued by vulnerabilities that could lead to sensitive data exposure, and 55 percent by cross-site request forgery flaws, the results .. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/14/web-application-vulnerabilities/ *** Sicherheitslücke in GarageBand für den Mac *** --------------------------------------------- Apple hat einen potenziell problematischen Fehler in seiner populären Audioanwendung geschlossen. Angreifer hätten wohl Code ausführen können. --------------------------------------------- https://heise.de/-3624160 *** University DDoSed by Its Own IoT Devices *** --------------------------------------------- An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizons upcoming yearly data breach report. --------------------------------------------- https://www.bleepingcomputer.com/news/security/university-ddosed-by-its-own… *** DSA-3788 tomcat8 - security update *** --------------------------------------------- It was discovered that a programming error in the processing of HTTPSrequests in the Apache Tomcat servlet and JSP engine may result indenial of service via an infinite loop. --------------------------------------------- https://www.debian.org/security/2017/dsa-3788 *** DSA-3787 tomcat7 - security update *** --------------------------------------------- It was discovered that a programming error in the processing of HTTPSrequests in the Apache Tomcat servlet and JSP engine may result indenial of service via an infinite loop. --------------------------------------------- https://www.debian.org/security/2017/dsa-3787 *** DSA-3786 vim - security update *** --------------------------------------------- Editor spell files passed to the vim (Vi IMproved) editormay result in an integer overflow in memory allocationand a resulting buffer overflow which potentiallycould result in the execution of arbitrary code or denial ofservice. --------------------------------------------- https://www.debian.org/security/2017/dsa-3786 *** Jetzt patchen! Angriffe auf WordPress-Seiten nehmen zu und werden gefährlicher *** --------------------------------------------- Nach der Verunstaltung von verwundbaren WordPress-Webseiten versuchen Angreifer nun Schadcode auszuführen, warnen Sicherheitsforscher. --------------------------------------------- https://heise.de/-3624301 *** Staying safe online on Valentine’s Day *** --------------------------------------------- We give some advice on how to steer clear of scams and other bad things on Valentines Day. Everything from .. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/02/staying-safe-online-on-val… *** Chrome: Google zahlt 20 Millionen US-Dollar für Anti-Malware-Patente *** --------------------------------------------- Auch für Google sind 20 Millionen Dollar nicht wenig Geld. Ein US-Gericht verurteilte das Unternehmen zur Zahlung dieser Summe, weil es Patente zur Sicherung vor Malware im .. --------------------------------------------- https://www.golem.de/news/chrome-google-zahlt-20-millionen-us-dollar-fuer-a… *** Tracking the Decline of Top Exploit Kits *** --------------------------------------------- The latter half of 2016 saw a major shift in the exploit kit landscape, with many established kits suddenly dropping operations or switching business models. Angler, which has .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/tracking-decline… *** Gefälschte Post.at-Sendungsverfolgung im Umlauf *** --------------------------------------------- Mit einer gefälschten Post.at-Sendungsverfolgung wollen Kriminelle Schadsoftware auf fremden Computern hinterlegen. Dazu fordern sie Empfänger/innen auf, Informationen .. --------------------------------------------- https://www.watchlist-internet.at/schadsoftware/gefaelschte-postat-sendungs… *** Security Bulletins posted for Flash Player, Digital Editions and Adobe Campaign *** --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-04), Adobe Digital Editions (APSB17-05) and Adobe Campaign (APSB17-06). Adobe recommends users update their .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1444 *** Nation States Distancing Themselves from APTs *** --------------------------------------------- Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence. --------------------------------------------- http://threatpost.com/nation-states-distancing-themselves-from-apts/123711/ *** February 2017 security update release *** --------------------------------------------- Our top priority is to provide the best possible experience for customers in maintaining and protecting their .. --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-…

1 0

Tageszusammenfassung - Montag 13-02-2017
by Daily end-of-shift report 13 Feb '17

13 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-02-2017 18:00 − Montag 13-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** State-sponsored Hackers Targeting Prominent Journalists, Google Warns *** --------------------------------------------- State-sponsored hackers are attempting to steal email passwords of a number of prominent journalists, Google has warned. The hackers are suspected to be Russians, reports POLITICO. Some of the journalists who have received such warnings from Google as .. --------------------------------------------- https://politics.slashdot.org/story/17/02/10/1726206/state-sponsored-hacker… *** Unique Office Loader Deploying Multiple Malware Families *** --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/02/unit42-unique-office-loa… *** Sports Direct hacked but it still hasn't disclosed the breach to its staff *** --------------------------------------------- Sports Direct, the UK's largest sports retail business, was hacked last year, and still hasn't disclosed the incident to its staff. The Register confirmed that the Sports Direct, the UK's largest sports retail business, was hacked last .. --------------------------------------------- http://securityaffairs.co/wordpress/56187/data-breach/sports-direct-data-br… *** Think Twice before Posting Data on Pastebin! *** --------------------------------------------- Pastebin.com is one of my favourite playground. I'm monitoring the content of all pasties posted on this website. My goal is to find juicy data like configurations, database .. --------------------------------------------- https://blog.rootshell.be/2017/02/12/think-twice-posting-data-pastebin/ *** Lazarus & Watering-hole attacks *** --------------------------------------------- On 3rd February 2017, researchers at badcyber.com released an article that detailed a series of .. --------------------------------------------- http://baesystemsai.blogspot.com/2017/02/lazarus-watering-hole-attacks.html *** Do You Use VirusTotal? Give PacketTotal a Spin!, (Mon, Feb 13th) *** --------------------------------------------- Packettotal ( http://www.packettotal.com ) is a new site that does some nifty analysis of Packet Captures for you if youre not so familiar with Wireshark or other analysis tools Out of the gate, this site maps out connections, certificates, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22061 *** Firefox für Android kann sich an Schadcode verschlucken *** --------------------------------------------- In der Version 51.0.3 haben die Firefox-Entwickler eine kritische Sicherheitslücke geschlossen. Von der Schwachstelle ist ausschliesslich die Android-Version betroffen. --------------------------------------------- https://heise.de/-3623027 *** Mirai Widens Distribution with New Trojan that Scans More Ports *** --------------------------------------------- Late last year, in several high-profile and potent DDoS attacks, Linux-targeting Mirai (identified by Trend Micro as ELF_MIRAI family) revealed just how broken the Internet .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mirai-widens-dis… *** Project Zero: NTFS-Treiber ermöglicht Linux-Rootzugriff *** --------------------------------------------- Eine fehlerhafte Konfiguration des Userspace-Treibers für NTFS unter Linux ermöglicht einfachen Root-Zugriff. Davon betroffen waren Standardinstallationen von Debian .. --------------------------------------------- https://www.golem.de/news/project-zero-ntfs-treiber-ermoeglicht-linux-rootz… *** Mexiko soll Gegner von Softdrinks mit Spyware ausgespäht haben *** --------------------------------------------- Aktivisten, die für eine höhere Besteuerung von zuckerhaltigen Getränken und fettreichen Speisen kämpften, wurden ausgehorcht --------------------------------------------- http://derstandard.at/2000052555921 *** Dateilose Infektion: Einbruch ohne Spuren *** --------------------------------------------- Sicherheitsforscher warnen, dass vermutlich die Carbanak-Gang einen neuen Trick verwendet, der viele Schutz- und Analyse-Programme ins Leere laufen lässt. Sie brechen in Computer und Netze ein, ohne dass dabei verdächtige Dateien auf der Platte landen. --------------------------------------------- https://heise.de/-3623084

1 0

Tageszusammenfassung - Freitag 10-02-2017
by Daily end-of-shift report 10 Feb '17

10 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-02-2017 18:00 − Freitag 10-02-2017 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** ENISA study on the security aspects of virtualization *** --------------------------------------------- The report provides an analysis on the current status of security of virtualization, by presenting current technologies affected, risks, efforts, gaps, and the impact the latter have on environments based on virtualization technologies. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-study-on-the-security-asp… *** A Feeding Frenzy to Deface WordPress Sites *** --------------------------------------------- In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking. --------------------------------------------- https://www.wordfence.com/blog/2017/02/rest-api-exploit-feeding-frenzy-defa… *** RCE Attempts Against the Latest WordPress REST API Vulnerability *** --------------------------------------------- We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress sites, only the ones using plugins that allow for PHP execution from within posts and pages. --------------------------------------------- https://blog.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-r… *** De-Anonymizing Browser History Using Social-Network Data *** --------------------------------------------- Interesting research: "De-anonymizing Web Browsing Data with Social Networks":Abstract: Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show -- theoretically, via simulation, and through experiments on real user data -- that de-identified web browsing histories can\ be linked to social media profiles using only publicly available data. Our approach is based on a simple observation: each person has a distinctive social network,... --------------------------------------------- https://www.schneier.com/blog/archives/2017/02/de-anonymizing_1.html *** CERT updates insider threat guidebook *** --------------------------------------------- The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. --------------------------------------------- https://www.helpnetsecurity.com/2017/02/10/insider-threat-guidebook/ *** ENISA issues Smartphone Development Guidelines *** --------------------------------------------- ENISA publishes an update of the Smartphone Development Guidelines. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/enisa-issues-smartphone-develop… *** Hacking Guatemala's DNS - Spying on Active Directory Users By Exploiting a TLD Misconfiguration *** --------------------------------------------- In search of new interesting high-impact DNS vulnerabilities I decided to take a look at the various top-level domains (TLDs) and analyze their configurations for errors. Upon some initial searching it turns out there is a nice open source service which helps DNS administrators scan their domains for misconfigurations called DNSCheck written by The Internet Foundation in Sweden. This tool helps highlight all sorts of odd DNS misconfigurations such as having an... --------------------------------------------- https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory… *** Unpatched (0day) jQuery Mobile XSS *** --------------------------------------------- TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and theres nothing you can do about it, theres not even patch --------------------------------------------- http://sirdarckcat.blogspot.co.at/2017/02/unpatched-0day-jquery-mobile-xss.… *** Multiple cross-site scripting vulnerabilities in Webmin *** --------------------------------------------- Webmin contains multiple cross-site scripting vulnerabilities. --------------------------------------------- http://jvn.jp/en/jp/JVN34207650/ *** Western Digital My Cloud 2.21.119 Authentication Bypass *** --------------------------------------------- Topic: Western Digital My Cloud 2.21.119 Authentication Bypass Risk: High Text: Authentication bypass vulnerability in Western Digital My Cloud Remco Verm... --------------------------------------------- https://cxsecurity.com/issue/WLB-2017020093 *** Hanwha Techwin Smart Security Manager *** --------------------------------------------- This advisory contains mitigation detail for remote code execution vulnerabilities in Hanwha Techwins Smart Security Manager. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01 *** DFN-CERT-2017-0251: Xen, QEMU: Eine Schwachstelle ermöglicht das Ausspähen von Informationen und die Eskalation von Privilegien *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0251/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997743 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php5 vulnerabilities (CVE-2016-6911, CVE-2016-8670) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024834 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a kernel vulnerability *** http://www.ibm.com/support/docview.wss?uid=isg3T1024807 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024808 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a libgcrypt vulnerability (CVE-2016-6313) *** http://www.ibm.com/support/docview.wss?uid=isg3T1024832 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affect Rational Tau (CVE-2016-2180) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994132 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affect Rational Tau (CVE-2016-2177) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993836 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple glibc vulnerabilities (CVE-2016-1234, CVE-2016-3706, CVE-2016-4429) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024831 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 9-02-2017
by Daily end-of-shift report 09 Feb '17

09 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-02-2017 18:00 − Donnerstag 09-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Lifting the (Hyper) Visor: Bypassing Samsung's Real-Time Kernel Protection *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroTraditionally, the operating system's kernel is the last security boundary standing between an attacker and full control over a target system. As such, additional care must be taken in order to ensure the integrity of the kernel. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing… *** FortiManager TLS certificate validation failure *** --------------------------------------------- FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure. --------------------------------------------- http://fortiguard.com/advisory/FG-IR-16-055 *** Gefälschte iTunes-Rechnung: Danke für Ihren Einkauf *** --------------------------------------------- Mit einer gefälschten iTunes-Rechnug wollen Kriminelle Empfänger/innen dazu bewegen, dass sie eine Website aufrufen. Auf dieser sollen Besucher/innen Kreditkarteninformationen bekannt geben, damit sie einen nicht gewollten Einkauf stornieren können. Es handelt sich um einen Datendiebstahlsversuch. Sie dürfen die Daten nicht bekannt geben. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-itunes-rechnung-dank… *** Security Advisory - Privilege Escalation Vulnerability in Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170209-… *** Analysis of security measures deployed by e-communication providers *** --------------------------------------------- ENISA's new report provides a collection of good practices, implemented security measures and approaches by e-communication providers in the EU, to mitigate the main types of incidents in the telecommunication sector. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/analysis-of-security-measures-d… *** Security and Privacy Guidelines for the Internet of Things *** --------------------------------------------- Lately, I have been collecting IoT security and privacy guidelines. Heres everything Ive found: --------------------------------------------- https://www.schneier.com/blog/archives/2017/02/security_and_pr.html *** iCloud schlampt offenbar beim Löschen des Browser-Verlaufs *** --------------------------------------------- Aus dem Verlauf von Apples Browser Safari gelöschte Webseiten-Besuche verschwinden zwar von den synchronisierten Geräten, lassen sich aber noch rund ein Jahr später aus iCloud rekonstruieren, warnt der Hersteller eines Forensik-Tools. --------------------------------------------- https://heise.de/-3621063 *** Brute Force RDP Attacks Plant CRYSIS Ransomware *** --------------------------------------------- ... brute force RDP attacks are still ongoing, affecting both SMEs and large enterprises across the globe. In fact, the volume of these attacks doubled in January 2017 from a comparable period in late 2016. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/brute-force-rdp-… *** DFN-CERT-2017-0237: ISC BIND: Eine Schwachstellen ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- Das Internet Systems Consortium (ISC) ... veröffentlicht die neuen Programmversionen BIND 9.9.9-P6, 9.10.4-P6, 9.11.0-P3 und 9.9.9-S8 (letztere nur für ISC Support Kunden), in denen die Schwachstellen behoben sind. Die Schwachstelle kann durch Deaktivierung von DNS64 oder RPZ umgangen werden, bis das Sicherheitsupdate eingespielt werden kann. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0237/ *** GNU Bash code execution vulnerability in path completion *** --------------------------------------------- GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab button (f.e. to remove it with rm) triggers the exploit without executing a command itself. --------------------------------------------- https://cxsecurity.com/issue/WLB-2017020061 *** DFN-CERT-2017-0240: F5 Networks BIG-IP Systeme: Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- F5 Networks BIG-IP Protocol Security Module (PSM) >= 11.4.0, <= 11.4.1 Ein entfernter, einfach authentifizierter Angreifer kann durch Wiederaufnahme einer SSL-Verbindung zu einer betroffenen F5 BIG-IP-Appliance Informationen ausspähen, da der Server abhängig von der Größe des gesendeten Sitzungsidentifizierers (Session ID) als Antwort bis zu 31 Bytes aus nicht initialisiertem Speicher zurücksendet. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0240/ *** Erpressungs-Trojaner Erebus umgeht erfolgreich UAC-Abfrage von Windows *** --------------------------------------------- Sicherheitsforschern zufolge verbiegt Erebus die Windows-Registry dahingehend, sodass der Schädling schlimmstenfalls mit Admin-Rechten operieren kann. Dank einer Windows-Einstellung kann man das aber unterbinden. --------------------------------------------- https://heise.de/-3619820 *** BSI veröffentlicht Leitfaden für sicheres Android mit Samsung Knox *** --------------------------------------------- Administratoren können sich von der Website des BSI Empfehlungen für Samsungs Sicherheitsplattform laden. Zweck ist der Schutz von Android-Geräten. --------------------------------------------- https://heise.de/-3620713 *** Manipuliertes Word-Dokument: Makro-Malware geht den Mac an *** --------------------------------------------- Mit manipulierten Word-Dokumenten wollen Angreifer nun auch Schadcode auf Macs einschleusen. Damit wird die macOS-Schutzfunktion Gatekeeper umgangen. --------------------------------------------- https://heise.de/-3621092 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in GNU C Library affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2016-1234) *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 8-02-2017
by Daily end-of-shift report 08 Feb '17

08 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-02-2017 18:00 − Mittwoch 08-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** As Valve eradicates serious bug in Steam, here's what you need to know *** --------------------------------------------- Steam, an online game platform with more than 125 million active accounts, is in the process of fixing a serious security hole that opens users to hacks that could redirect them to attack sites, spend their market funds, or possibly make malicious changes to their user profiles. --------------------------------------------- https://arstechnica.com/security/2017/02/as-valve-eradicates-serious-bug-in… *** Fileless attacks against enterprise networks *** --------------------------------------------- This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility as used for tunnelling traffic from the victim's host to the attacker's C2. --------------------------------------------- http://securelist.com/blog/research/77403/fileless-attacks-against-enterpri… *** Strategies to Mitigate Cyber Security Incidents *** --------------------------------------------- The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, business email compromise and industrial control systems. --------------------------------------------- http://www.asd.gov.au/infosec/mitigationstrategies.htm *** ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability *** --------------------------------------------- An attacker can exploit the vulnerability to bypass authentication and thereby gain administrator privileges. --------------------------------------------- http://www.securityfocus.com/archive/1/540100 *** When A Pony Walks Out Of A Pub *** --------------------------------------------- Talos has observed a small email campaign leveraging the use of Microsoft Publisher files. ... Unlike other applications within the Microsoft Office suite, Microsoft Publisher does not support a Protected View mode. ... The file used in this campaign was aimed at infecting the victim with the, well known, Pony malware --------------------------------------------- http://blog.talosintel.com/2017/02/pony-pub-files.html *** Multiple Vulnerabilities in Trend Micro Control Manager (TMCM) 6.0 *** --------------------------------------------- CVSS 2.0 Score(s): 4.0 - 6.8 Severity Rating(s): Medium Trend Micro has released a new build for Trend Micro Conrol Manager 6.0. This build resolves multiple vulnerabilities related to potential remote code execution, directory traversal, SQL injections, and unauthorized access to XML files. --------------------------------------------- https://success.trendmicro.com/solution/1116624 *** SAP Security for Beginners Part 5: SAP Risks - Sabotage *** --------------------------------------------- Sabotage attacks on SAP systems were promised as a today's topic, so, let's look at potential sabotage vectors. --------------------------------------------- http://resources.infosecinstitute.com/sap-security-beginners-part-5-sap-ris… *** Sielco Sistemi Winlog SCADA Software *** --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path vulnerability in Sielco Sistemis Winlog SCADA Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01 *** BD Alaris 8000 Insufficiently Protected Credentials Vulnerability *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an insufficiently protected credentials vulnerability in BD's Alaris 8000 Point of Care unit, which provides a common user interface for programming intravenous infusions. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 *** BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for protected credentials vulnerabilities in BD's Alaris 8015 Point of Care unit, which provides a common user interface for programming intravenous infusions. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02 *** BINOM3 Electric Power Quality Meter (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-17-031-01 BINOM3 Electric Power Quality Meter that was published January 31, 2017, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A *** Citrix NetScaler Nonce Generation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037795 *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Security Advisory - MITM Vulnerability in Huawei Vmall APP *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server *** http://www-01.ibm.com/support/docview.wss?uid=swg21995427 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-6055) *** http://www.ibm.com/support/docview.wss?uid=swg21995515 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack *** http://www.ibm.com/support/docview.wss?uid=swg21997798 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect IBM Mobile Connect as a product bundler *** http://www-01.ibm.com/support/docview.wss?uid=swg21989670 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009543 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012) *** http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 7-02-2017
by Daily end-of-shift report 07 Feb '17

07 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-02-2017 18:00 − Dienstag 07-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Heute ist es soweit: Es ist Internationaler Safer Internet Day! *** --------------------------------------------- Der jährliche Aktionstag wurde 2004 von der Europäischen Kommission im Rahmen des Safer Internet-Programms ins Leben gerufen und findet seitdem jeden Februar statt. Mehr als 100 Länder beteiligen sich weltweit am Safer Internet Day, um über die sichere und verantwortungsvolle Internetnutzung aufzuklären. International organisiert das europäische Netzwerk Insafe den Safer Internet Day. --------------------------------------------- https://www.saferinternet.at/news/news-detail/article/heute-feiern-wir-es-i… *** DFN-CERT-2017-0216/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0216/ *** Got an OpenBSD Web server? Better patch it *** --------------------------------------------- DoS-able bugs splatted OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/07/got_an_open… *** Vuln: PEAR HTML_AJAX CVE-2017-5677 PHP Object Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96044 *** New Attack, Old Tricks *** --------------------------------------------- A Word document targets Mac users with malicious macros and an open-source payload. --------------------------------------------- https://objective-see.com/blog/blog_0x17.html *** Citrix License Server for Windows and License Server VPX CVE-2017-5571 Open Redirect Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96028/discuss *** DFN-CERT-2017-0217/">BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0217/ *** [2017-02-07] Multiple vulnerabilities in JUNG Smart Visu server *** --------------------------------------------- Attackers can dump password hashes and other available data from the operating system of the JUNG Smart Visu Server. An attacker is able to access and control all Smart Visu server installation if he is able to crack the hashes. The group address password can be removed by using a single PUT request. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021845 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation *** http://www.ibm.com/support/docview.wss?uid=swg21997654 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) Configuration tool *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024798 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i *** http://www.ibm.com/support/docview.wss?uid=nas8N1021846 --------------------------------------------- *** IBM Security Bulletin: Security Vulnerability in OpenSSL affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) *** http://www.ibm.com/support/docview.wss?uid=swg21997056 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2016-5597, CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997784 --------------------------------------------- *** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5883) *** http://www.ibm.com/support/docview.wss?uid=swg21997010 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cisco Switches and Directors. *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009663 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization *** http://www.ibm.com/support/docview.wss?uid=swg21982291 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect multiple N series products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009687 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 6-02-2017
by Daily end-of-shift report 06 Feb '17

06 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-02-2017 18:00 − Montag 06-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Vuln: Barracuda NextGen Firewal F-Series Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96000 *** Vuln: Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96001 *** Honeywell SCADA Controllers Exposed Passwords in Clear Text *** --------------------------------------------- A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems. --------------------------------------------- http://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clea… *** [remote] - Netwave IP Camera - Password Disclosure *** --------------------------------------------- https://www.exploit-db.com/exploits/41236/?rss *** Security Advisory: Apache vulnerability CVE-2016-8743 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00373024.html?… *** Security Advisory: OpenSSL vulnerability CVE-2016-7055 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43570545.html?… *** [SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features *** --------------------------------------------- I published the following diary on isc.sans.org: "Detecting Undisclosed Vulnerabilities with Security Tools & Features". I'm a big fan of OSSEC. This tools is an open source HIDS and log management tool. Although often considered as the "SIEM of the poor", it integrates a lot of interesting features and is fully configurable ... --------------------------------------------- https://blog.rootshell.be/2017/02/04/sans-isc-diary-detecting-undisclosed-v… *** Kodi-Erweiterung machte Anwender zu Botnetz-Zellen *** --------------------------------------------- Anwender des Plug-ins "Exodus" für das Media-Center Kodi wurden zu unfreiwilligen Teilnehmern eines Botnets, das gezielte DDoS-Angriffe fuhr. Deren Ziel: Websites von Konkurrenten. --------------------------------------------- https://heise.de/-3617777 *** NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace *** --------------------------------------------- NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE) has published "Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations." Its world launch will be in Washington DC, February 8 at The Atlantic Council; followed by Europe at The Hague, February 13; and Tallinn, February 17. --------------------------------------------- http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manu… *** Slammer worm slithers back online to attack ancient SQL servers *** --------------------------------------------- If you get taken down by this 13-year-old malware, you probably deserve it One of the worlds most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/05/sql_slammer… *** Microsofts DRM can expose Windows-on-Tor users IP address *** --------------------------------------------- Anonymity-lovers best not watch movies as .WMV files Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsofts DRM system. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/06/microsoft_d… *** Bugtraq: ZoneMinder - multiple vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540093 *** Anbieter des WordPress-Plugin BlogVault gehackt *** --------------------------------------------- Hacker haben bei einem Server-Einbruch Daten von BlogVault-Nutzern abgezogen. Anschließend sollen einige Webseiten, die auf das Plugin setzen, mit Malware infiziert worden sein, warnt der Anbieter. --------------------------------------------- https://heise.de/-3618141 *** Lurk: Retracing the Group's Five-Year Campaign *** --------------------------------------------- Fileless infections are exactly what their namesake says: theyre infections that dont involve malicious files being downloaded or written to the system's disk. While fileless infections are not necessarily new or rare, it presents a serious threat to enterprises and end users given its capability to gain privileges and persist in the system of interest to an attacker - all while staying under the radar. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/ *** Überwachungsfirma Cellebrite: Hacker veröffentlicht iPhone-Cracking-Tools *** --------------------------------------------- Wenn Software zum Knacken von Smartphones existiert, dann gelangt diese auch in die Hände Dritter, erklärt der Hacker, der die angeblich von einer Überwachungsfirma stammenden Tools veröffentlicht hat. Ähnlich argumentierte zuletzt auch Apple. --------------------------------------------- https://heise.de/-3618462 *** Hacker hijacks thousands of publicly exposed printers to warn owners *** --------------------------------------------- Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages. --------------------------------------------- http://www.cio.com/article/3166048/security/hacker-hijacks-thousands-of-pub… *** ENISA: Challenges of security certification in emerging ICT environments *** --------------------------------------------- ENISA issues today its report on the Challenges of security certification in emerging ICT environments. The report is targeted at EU Member States (MS), the Commission, certification bodies and the private sector, and provides a thorough description of the cyber security certification status concerning the most critical equipment in various critical business sectors. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/challenges-of-security-certific… *** Chrome 57 [...] will no longer trust any StartSSL/Wosign issued certificates [...] *** --------------------------------------------- Previous communication from Google (https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html) had read as though it would only be certificates issued since October 21, 2016 wouldnt be trusted. It then went onto say that it may not trust other certificates but didnt really say what that meant. --------------------------------------------- https://forums.whirlpool.net.au/forum-replies.cfm?t=2605051 *** Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure *** --------------------------------------------- The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. --------------------------------------------- https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securi… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021796 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation *** http://www.ibm.com/support/docview.wss?uid=swg21993091 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery. *** http://www-01.ibm.com/support/docview.wss?uid=swg21998167 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 3-02-2017
by Daily end-of-shift report 03 Feb '17

03 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-02-2017 18:00 − Freitag 03-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** How Google fought back against a crippling IoT-powered botnet and won *** --------------------------------------------- Behind the scenes defending KrebsOnSecurity against record-setting DDoS attacks. --------------------------------------------- https://arstechnica.com/security/2017/02/how-google-fought-back-against-a-c… *** Improved scripts in .lnk files now deliver Kovter in addition to Locky *** --------------------------------------------- Cybercriminals are using a combination of improved script and well-maintained download sites in trying to install Locky and Kovter on more computers. A few .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/02/improved-scripts-in-lnk… *** Underground Scams: Cutting the Head Off a Snake *** --------------------------------------------- Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Underground-Scams--Cutting-t… *** Cisco - Issue with Clock Signal Component *** --------------------------------------------- One of our readers, Dalibor Cerar, sent us an email about an issue impacting Cisco...at this point. While its a hardware issue, the result if it occurs is a self inflicted Denial of Service. Cisco released a notice on February 2 that some of .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22033&rss *** G-Suite: Google bringt S/MIME für Enterprise-Gmail *** --------------------------------------------- Google hat ein umfangreiches Update für die Enterprise-Version seiner G-Suite angekündigt: Mit dabei sind verpflichtende Hardwareschlüssel, S/MIME für Gmail und erweiterte Funktionen, um Datenverlust zu verhindern. --------------------------------------------- https://www.golem.de/news/enterprise-die-google-suite-soll-sicherer-werden-… *** Hacker veröffentlichen gestohlene Cellebrite-Software *** --------------------------------------------- Programme, die von den israelischen Sicherheitsexperten von Cellebrite zum Knacken von Smartphones genutzt werden, wurden nun veröffentlicht. --------------------------------------------- https://futurezone.at/digital-life/hacker-veroeffentlichen-gestohlene-celle… *** Rechnung in ZIP-Datei ist Schadsoftware *** --------------------------------------------- In ihrem E-Mailpostfach finden Internet-Nutzer/innen eine Nachricht mit dem Betreff „Rechnung Nr. xxxxx“. Darin heißt es, dass die Empfänger/innen das beigefügte Dokument als .. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/rechnung-in-zip-da… *** The power of sharing: ENISA report on cyber security information sharing in the energy sector *** --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-power-of-sharing-enisa-repo… *** Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm *** --------------------------------------------- For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/someone-tried-to-resurrect-1… *** Patch-Tag für Jenkins *** --------------------------------------------- Aktuelle Versionen beseitigen insgesamt 19 Security-Probleme in Jenkins, von denen eines als schwerwiegend eingestuft ist. --------------------------------------------- https://heise.de/-3617535 *** SQL-Injection-Lücke in McAfee ePolicy Orchestrator *** --------------------------------------------- McAfees Lösung für zentrales Security-Management in Firmen und Konzernen weist selbst ein schwerwiegendes Sicherheitsproblem auf. Ein Hotfix des Herstellers sorgt für Abhilfe. --------------------------------------------- https://heise.de/-3617503 *** Kritische Lücke in Microsoft Windows ermöglicht DoS / Remote Code Execution via SMB - noch keine Updates verfügbar *** --------------------------------------------- Im SMB-Code von Microsoft Windows wurde eine Schwachstelle entdeckt, die im harmlosesten Fall einen Absturz des Betriebsystems zur Folge haben kann, im schlimmsten Fall sogar Remote Code Execution erlaubt. --------------------------------------------- https://cert.at/warnings/all/20170203.html

1 0

Tageszusammenfassung - Donnerstag 2-02-2017
by Daily end-of-shift report 02 Feb '17

02 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 01-02-2017 18:00 − Donnerstag 02-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** DSA-3780 ntfs-3g - security update *** --------------------------------------------- Jann Horn of Google Project Zero discovered that NTFS-3G, a read-writeNTFS driver for FUSE, does not scrub the environment before executingmodprobe with elevated privileges. A local user .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3780 *** Netherlands reverts to hand-counted votes to quell security fears *** --------------------------------------------- Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isnt ready for prime time, and will revert to .. --------------------------------------------- www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes… *** Extrem kritische Lücke in Ciscos Prime Home könnte unzählige Router gefährden *** --------------------------------------------- Internet- und Service-Anbieter sollten zügig ein Sicherheitsupdate für Cisco Prime Home installieren. Angreifer könnten Geräte mit wenig Aufwand missbrauchen und von da aus Router von Kunden übernehmen. --------------------------------------------- https://heise.de/-3615465 *** Gmail Drops Support for Windows XP and Vista Users on Chrome *** --------------------------------------------- Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-wind… *** DDoS attacks in Q4 2016 *** --------------------------------------------- 2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks… *** Jugendliche gehen schludrig mit Passwörtern um *** --------------------------------------------- Der Sicherheitsbewusstsein von österreichischen Jugendlichen und Unter-30-Jährigen ist schlecht ausgeprägt. Jeder Zweite hat sein Passwort schon einmal weitergegeben. --------------------------------------------- https://futurezone.at/digital-life/jugendliche-gehen-schludrig-mit-passwoer… *** Security: Der Secret Service gibt Tipps für Rechenzentrumsbetreiber *** --------------------------------------------- Ein Rechenzentrum behandeln wie das Weiße Haus? Diesen Tipp gab ein ehemaliger Mitarbeiter des Secret .. --------------------------------------------- http://www.golem.de/news/security-der-secret-service-gibt-tipps-fuer-rechen… *** KopiLuwak: A New JavaScript Payload from Turla *** --------------------------------------------- A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents. --------------------------------------------- http://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payloa… *** Hackerangriff auf Tschechiens Außenamt offenbar größer als gedacht *** --------------------------------------------- http://derstandard.at/2000052006680 *** Panne bei Handysignatur: Dokumentenname einsehbar *** --------------------------------------------- Laut "Die Presse" waren 14 Stunden lang der Name aller unterzeichneten Dokumente abrufbar --------------------------------------------- http://derstandard.at/2000052007651 *** Microsoft Windows SMB Tree Connect Response memory corruption vulnerability *** --------------------------------------------- Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system. --------------------------------------------- http://www.kb.cert.org/vuls/id/867968

1 0

Tageszusammenfassung - Mittwoch 1-02-2017
by Daily end-of-shift report 01 Feb '17

01 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 31-01-2017 18:00 − Mittwoch 01-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** BINOM3 Electric Power Quality Meter *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01 *** Ecava IntegraXor *** --------------------------------------------- This advisory contains mitigation details for an SQL injection vulnerability in the Ecava IntegraXor web server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 *** "Ändere-dein-Passwort-Tag": Pro und Contra Passwortwechsel *** --------------------------------------------- Ist es sinnvoll, sein Passwort regelmäßig und vorsichtshalber zu ändern? Was in einigen Firmen verpflichtent ist, ist in Security-Kreisen umstritten. Unter Umständen kann das sogar kontraproduktiv sein. --------------------------------------------- https://heise.de/-3613327 *** Cerber tops Windows 10 ransomware charts *** --------------------------------------------- Crims aimed for a Christmas Number One and scored Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.… --------------------------------------------- www.theregister.co.uk/2017/02/01/cerber_windows_10/ *** We need to talk about Granny: Shes way more likely to fall for phishing *** --------------------------------------------- If you want to catch as many people as you can, go for the old legal razzle dazzle Usenix Enigma 2017 Research has shown that older people – particularly older .. --------------------------------------------- www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/ *** Quick Analysis of Data Left Available by Attackers, (Wed, Feb 1st) *** --------------------------------------------- While hunting for interesting cases, I found the following phishing email mimicking an UPS delivery notification: When you click on the link, you are redirected to the .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22015 *** Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users Data Leaked *** --------------------------------------------- Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums? Your details may have been exposed, as it has been revealed that the two .. --------------------------------------------- http://thehackernews.com/2017/01/gaming-forum-hacking.html *** Nächstes Hacker-Ziel: Ihr Hirn *** --------------------------------------------- Neue Gehirn-Computer-Schnittstellen bringen die Gefahr von Hirn-Malware mit sich. Was wie eine Postillon-Schlagzeile klingt, beschäftigt ernsthafte Sicherheitsforscher. --------------------------------------------- https://heise.de/-3613672 *** Hacker Phineas Fisher dementiert, verhaftet worden zu sein *** --------------------------------------------- Katalanische Behörden hatten nach Hausdurchsuchungen mehrere Personen festgenommen --------------------------------------------- http://derstandard.at/2000051907276 *** Insiderhandel: Mitarbeiter verkaufen Firmengeheimnisse im Darknet *** --------------------------------------------- Auf illegalen Online-Marktplätzen werden derzeit offenbar gezielt Insider angeworben, um mit deren Informationen kriminelle Geschäfte zu ermöglichen. Die Bandbreite .. --------------------------------------------- http://www.golem.de/news/insiderhandel-mitarbeiter-verkaufen-firmengeheimni… *** Hacker One: Die Sicherheitslücken der US-Armee *** --------------------------------------------- Sicherheitsforscher hatten einen Monat Zeit, um die US-Armee zu hacken. 118 Sicherheitslücken wurden gefunden und beseitigt. Eine davon ermöglichte den Zugriff auf ein .. --------------------------------------------- http://www.golem.de/news/hacker-one-die-sicherheitsluecken-der-us-armee-170… *** Cisco Prime Home Authentication Bypass Vulnerability *** --------------------------------------------- A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Disclosure of Additional Security Fix in WordPress 4.7.2 *** --------------------------------------------- WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately. In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional .. --------------------------------------------- https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-securit…

1 0

Tageszusammenfassung - Dienstag 31-01-2017
by Daily end-of-shift report 31 Jan '17

31 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-01-2017 18:00 − Dienstag 31-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Printer Security *** --------------------------------------------- TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of .. --------------------------------------------- https://web-in-security.blogspot.co.at/2017/01/printer-security.html *** CVE-2017-5521: Bypassing Authentication on NETGEAR Routers *** --------------------------------------------- Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers, .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassin… *** Erpressungs-Trojaner Sage nutzt Bleeding-Edge-Krypto-Funktionen *** --------------------------------------------- Eine neue Ransomware-Familie orientiert sich bei der Verschlüsselung mit Curve25519 und ChaCha20 am oberen Ende des derzeit zur Verfügung stehenden Repertoires von Krypto-Funktionen. --------------------------------------------- https://heise.de/-3610664 *** DSA-3776 chromium-browser - security update *** --------------------------------------------- https://www.debian.org/security/2017/dsa-3776 *** HTTPS: Das halbe Web ist nun verschlüsselt *** --------------------------------------------- Verschlüsselter Traffic überholt laut Mozilla unverschlüsselte Verbindungen – Anstieg um zehn Prozent in einem Jahr --------------------------------------------- http://derstandard.at/2000051841631 *** We see you, ransomware flingers, testing out your baddest stuff on... Germany? *** --------------------------------------------- Securobods file data hostage report A security firm has floated the theory that malware authors are using German firms as a testing ground for their wares prior to wider distribution. --------------------------------------------- www.theregister.co.uk/2017/01/31/ransomware_sitrep_report/ *** Google zahlte letztes Jahr drei Millionen Dollar an Sicherheitsforscher *** --------------------------------------------- Mehr als je zuvor im Bug-Bounty-Programm – Je Fast eine Million für Android- und Chrome-Bugs --------------------------------------------- http://derstandard.at/2000051858649 *** Sicherheitsupdate: Angreifer könnten Sophos Web Appliance über Kommandozeile entern *** --------------------------------------------- Wer sein Netzwerk mit der Web Appliance von Sophos abschottet, sollte zügig prüfen, ob die aktuelle Software in Version 4.3.1 schon verfügbar ist. Diese Ausgabe schließt zwei Sicherheitslücken. --------------------------------------------- https://heise.de/-3612070 *** Sophisticated cyber attacks increase, while overall volume falls *** --------------------------------------------- NTT quarterly report highlights rise in sophistication but 35 per cent drop in overall attack volumes in Q4 2016 --------------------------------------------- https://www.htbridge.com/blog/sophisticated-cyber-attacks-increase-while-ov… *** Viele Lücken in tcpdump – Bedrohungen noch nicht in Gänze geklärt *** --------------------------------------------- Die aktuelle Version des Netzwerk-Sniffers rüstet sich gegen zahlreiche Schwachstellen, ist aber noch nicht überall verfügbar. --------------------------------------------- https://heise.de/-3612240 *** Tschechische Regierung meldet Hackerangriff auf E-Mail-Konten *** --------------------------------------------- Experten sollen Parallelen zu Hackerangriff auf Demokratische Partei in den USA vergangenes Jahr sehen --------------------------------------------- http://derstandard.at/2000051866541-406 *** Nested, Targeted Attacks Built for Reconnaissance *** --------------------------------------------- Researchers say NATO members were targeted for reconnaissance over the holidays by attacks using malicious OLE objects. --------------------------------------------- http://threatpost.com/nested-targeted-attacks-built-for-reconnaissance/1234… *** Usenix Enigma: Mit Sensorenmanipulation das Internet of Things verwirren *** --------------------------------------------- Autonome Systeme verlassen sich auf Sensoren, um ihre Umwelt zu verstehen. Ein Wissenschaftler hat auf der Sicherheitskonferenz Usenix Enigma demonstriert, wie sich .. --------------------------------------------- http://www.golem.de/news/usenix-enigma-mit-sensorenmanipulation-das-interne…

1 0

Tageszusammenfassung - Montag 30-01-2017
by Daily end-of-shift report 30 Jan '17

30 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-01-2017 18:00 − Montag 30-01-2017 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Dridex Returns With Windows UAC Bypass Method *** --------------------------------------------- Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user. --------------------------------------------- http://threatpost.com/dridex-returns-with-windows-uac-bypass-method/123420/ *** What Keeps My Honeypot Busy These Days, (Fri, Jan 27th) *** --------------------------------------------- Sometimes, it isnt the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go that works?. Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that became big news when the Mirai botnet adopted it. Since then, most of the servers that hosted the follow-up code no longer deliver. But this doesnt prevent thousands of existing bots to persistently attempt the exploit. In... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21995&rss *** ATM "Shimmers" Target Chip-Based Cards *** --------------------------------------------- Several readers have called attention to warnings coming out of Canada about a supposed new form of ATM skimming called "shimming." Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Heres a brief primer on shimming attacks, and why they succeed. --------------------------------------------- https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/ *** Request for Packets and Logs - TCP 5358, (Sat, Jan 28th) *** --------------------------------------------- pStarting Sunday (22 Jan 17), there was a huge spike this week against TCP 5358. If anyone has logs or packets (traffic) that might help identify what it is can submit them via our a href="https://isc.sans.edu/contact.html"contact/a page would be appreciated. This is a snapshot as to what was reported so far this week in DShield./p p width:500px" //p p[1] https://isc.sans.edu/contact.html/p p-----------br / Guy Bruneau a href="http://www.ipss.ca/"IPSS Inc./abr / --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21997&rss *** Adblock Plus: Staatsanwaltschaft durchsucht Werbeblocker-Anbieter Eyeo *** --------------------------------------------- Der Kölner Adblocker-Anbieter Eyeo hat nun auch Ärger mit der Justiz. Hintergrund dürfte der Streit über die Frage sein, wer für die Erstellung von Filterregeln in der Easylist verantwortlich ist. --------------------------------------------- http://www.golem.de/news/adblock-plus-staatsanwaltschaft-durchsucht-werbebl… *** XSender: The Source of All the Recent XMPP Spam *** --------------------------------------------- In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/xsender-the-source-of-all-th… *** Facebook: Sicheres Einloggen per USB-Stick *** --------------------------------------------- Die Zwei-Faktor-Authentifizierung bei Facebook kann nun auch per Fido-USB-Sticks oder NFC-Tags erfolgen. --------------------------------------------- https://futurezone.at/digital-life/facebook-sicheres-einloggen-per-usb-stic… *** A Shakeup in Russia's Top Cybercrime Unit *** --------------------------------------------- A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russias top cybercrime... --------------------------------------------- https://krebsonsecurity.com/2017/01/a-shakeup-in-russias-top-cybercrime-uni… *** Überwachungskameras von Washington DC mit Ransomware infiziert *** --------------------------------------------- Nur acht Tage vor Trumps Angelobung wurde das Netzwerk der Überwachungskameras in der US-Hauptstadt angegriffen und teilweise lahmgelegt. --------------------------------------------- https://futurezone.at/digital-life/ueberwachungskameras-von-washington-dc-m… *** Google auf dem Weg zur unabhängigen Root-CA *** --------------------------------------------- Künftig will das Unternehmen über den Google Trust Service eigene SSL-/TLS-Zertifikate ausstellen. Diese sollen bei Google-Diensten und Angeboten des Google-Mutterkonzerns Alphabet zum Einsatz kommen. --------------------------------------------- https://heise.de/-3610041 *** Averting ransomware epidemics in corporate networks with Windows Defender ATP *** --------------------------------------------- Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epi… *** Kritische Lücke in WebEx: Cisco stellt offensichtlich finale Sicherheitsupdates bereit *** --------------------------------------------- Nach mehreren vermeintlich abgesicherten Version von WebEx hat Cisco nun eigenen Angaben zufolge vollwertige Sicherheitsupdates veröffentlicht. Einige Unklarheiten bleiben aber. --------------------------------------------- https://heise.de/-3610749 *** [2017-01-30] XSS and CSRF vulnerabiliies in multiple Ubiquiti Networks products *** --------------------------------------------- Many products of Ubiquiti Networks are affected by a cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user. Furthermore, different actions on the system can be triggered by CSRF attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0 *** --------------------------------------------- Microsoft is aware of a security vulnerability in the public version of ASP.NET Core MVC 1.1.0 where a malformed HTTP request could lead to a denial of service. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4010983 *** Cryptkeeper Sets the same password "p" for everything independently of user input *** --------------------------------------------- https://www.reddit.com/r/netsec/comments/5r16na/cryptkeeper_sets_the_same_p… *** DSA-3775 tcpdump - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in tcpdump, a command-linenetwork traffic analyzer. These vulnerabilities might result in denialof service or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3775 *** TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities *** --------------------------------------------- The administration interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the redirect_url GET parameter is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5393.php *** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF *** --------------------------------------------- SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5392.php *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009714 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997209 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21997764 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 27-01-2017
by Daily end-of-shift report 27 Jan '17

27 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-01-2017 18:00 − Freitag 27-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Zbot with legitimate applications on board *** --------------------------------------------- Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-appli… *** Phishers unleash simple but effective social engineering techniques using PDF attachments *** --------------------------------------------- The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple… *** Hintergrund: So hacken Maschinen *** --------------------------------------------- Team Shellphish war einer der Teilnehmer der Cyber Grand Challenge der DARPA; jetzt beschreiben sie ihren Mechanical Phish und dessen Strategie. --------------------------------------------- https://heise.de/-3608169 *** Bezahlung oder Kontosperre: Nationalbank warnt vor Telefonbetrug *** --------------------------------------------- Unbekannte fälschen Telefonnummer von Bank und Anwalt, um Opfer unter Druck zu setzen --------------------------------------------- http://derstandard.at/2000051638010 *** Security for Privacy on Data Protection Day *** --------------------------------------------- On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-pr… *** Sicherheitsupdate: Entwickler von TigerVNC raten zur zügigen Aktualisierung *** --------------------------------------------- Durch das Ausnutzen einer Lücke könnten Angreifer im Zuge einer Virtual-Network-Computing Session Clients kapern. --------------------------------------------- https://heise.de/-3609051 *** Cisco starts patching critical flaw in WebEx browser extension *** --------------------------------------------- Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx... --------------------------------------------- http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-… *** Heartbleed: (Almost) three years later *** --------------------------------------------- Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. Were close to the three... --------------------------------------------- http://www.cert.at/services/blog/20170127160051-1894_en.html *** Security Advisory: OpenSSH vulnerability CVE-2016-10011 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?… *** IDM 4.5 Midrange BiDirectional Driver 201611271513 *** --------------------------------------------- Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513.To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)This patch also requires the driver activation from IDM 4.5Document ID: 5271130Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm45midrange20161127.tar.gz (47.54 MB)Products:Identity Manager 4.0.2Identity... --------------------------------------------- https://download.novell.com/Download?buildid=lY8lK_WKOeQ~ *** Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540060 *** Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95832 *** Eaton ePDU Path Traversal Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01 *** Belden Hirschmann GECKO *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in Beldens Hirschmann GECKO switch. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 *** RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037726 *** Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95823 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542) *** http://www.ibm.com/support/docview.wss?uid=swg21994101 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 26-01-2017
by Daily end-of-shift report 26 Jan '17

26 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 25-01-2017 18:00 − Donnerstag 26-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** VirLocker's comeback; including recovery instructions *** --------------------------------------------- Virlocker is back, the nightmare is still real. But we have found a way to at least recover your important files even if the affected machine can be considered a loss.Categories: Malware Threat analysisTags: file infectingfile recoverymalwarepolymorphicransomwareself propagatingVirLockVirlocker(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-i… *** Cisco WebEx code execution hole - what you need to know *** --------------------------------------------- Googles Project Zero found a serious hole in Ciscos WebEx browser extension that is nearly but not yet fully fixed. Heres what to do. --------------------------------------------- http://feedproxy.google.com/~r/nakedsecurity/~3/XBY4vnKgI4U/ *** Powerful Android RAT impersonates Netflix app *** --------------------------------------------- Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers. The fake app looks genuine at first glance, as it sports the same icon the actual legitimate Netflix app uses. But once it is installed on a smartphone or tablet and the victim clicks on it, it vanishes from... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/26/android-rat-netflix-app/ *** Android VPN Apps Caught Intercepting Traffic, Failing to Encrypt *** --------------------------------------------- New research released this week reveals that a large chunk of today Android VPN clients are a serious security and privacy risk, with some clients failing to encrypt traffic, and some even injecting ads in a customers browsing experience. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/android-vpn-apps-caught-inte… *** Shamoon disk-wiping attackers can now destroy virtual desktops, too *** --------------------------------------------- Mystery malware begins targeting a key disk-wiping defense. --------------------------------------------- https://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-no… *** Analysis of new Shamoon infections *** --------------------------------------------- All of the initial analysis pointed to Shamoon emerging in the Middle East. This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/26/shamoon-infections/ *** Gefälschte A1-Phishingmail: Neue Messaging-Plattform *** --------------------------------------------- Kriminelle versenden eine gefälschte A1 Online-Nachricht. Sie hat das Betreff "Maßnahme erforderlich: Neue Messaging-Plattform" und fordert von Empfänger/innen, dass sie ihre Zugangsdaten auf einer Website bekannt geben. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-a1-phishingmail-neue… *** OpenSSL Security Advisory [26 Jan 2017] *** --------------------------------------------- Truncated packet could crash via OOB read (CVE-2017-3731) Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) Montgomery multiplication may produce incorrect results (CVE-2016-7055) Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. --------------------------------------------- https://www.openssl.org/news/secadv/20170126.txt *** DFN-CERT-2017-0154: Red Hat JBoss Core Services: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0154/ *** IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability *** --------------------------------------------- CVE-2016-10142 kernel - IPV6 fragmentation flaw https://bugzilla.redhat.com/show_bug.cgi?id=1415908 --------------------------------------------- Generation of IPv6 Atomic Fragments Considered Harmful https://tools.ietf.org/html/rfc8021 --------------------------------------------- http://www.securityfocus.com/bid/95797/ *** Security Advisory: TMM vulnerability CVE-2016-9249 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71282001.html?… *** Bugtraq: ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/540050 *** Vuln: Multiple TIBCO Products CVE-2017-3180 Multiple Unspecified Cross-Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95699 *** Vuln: Autodesk FBX-SDK CVE-2016-9307 Multiple Buffer Overflow Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95802 *** Vuln: Autodesk FBX-SDK CVE-2016-9304 Multiple Buffer Overflow Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95799 *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 ) *** --------------------------------------------- Multiple vulnerabilities have been identified in the IBM Websphere Application Server (WAS) that is embedded in IBM FSM. This update addresses these issues. CVE(s): CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the following reference URLs for... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024555 *** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities *** --------------------------------------------- IBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries CVE(s): CVE-2014-3574, CVE-2014-3529, CVE-2016-5000 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6 Refer to the following reference URLs for remediation and... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997296 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) *** --------------------------------------------- There are multiple vulnerabilities in IBM Runtime Environment Java Version 1.5 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in January and April 2016. This Bulletin addresses these vulnerabilities. CVE(s): CVE-2015-7575, CVE-2016-0448, CVE-2016-0475, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-0264, CVE-2016-3426 Affected product(s) and affected version(s): Flex... --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1024558

1 0

Tageszusammenfassung - Mittwoch 25-01-2017
by Daily end-of-shift report 25 Jan '17

25 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 24-01-2017 18:00 − Mittwoch 25-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Kritische Sicherheitslücke in der Webshop-Software Shopware *** --------------------------------------------- Die vor allem in Deutschland beliebte Software aus Schöppingen hat eine Schwachstelle, über die Angreifer beliebigen Schadcode ausführen können. --------------------------------------------- https://heise.de/-3606627 *** VB2016 paper: Great crypto failures *** --------------------------------------------- Crypto is hard, and malware authors often make mistakes. At VB2016, Check Point researchers Yaniv Balmas and Ben Herzog discussed the whys and hows of some of the crypto blunders made by malware authors. Today, we publish their paper and the recording of their presentation. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/01/vb2016-paper-great-crypto-fa… *** Call for Papers: VB2017 *** --------------------------------------------- We have opened the Call for Papers for VB2017. We are particularly interested in receiving submissions from those working outside the security industry itself. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/01/call-papers-vb2017/ *** Malicious SVG Files in the Wild, (Tue, Jan 24th) *** --------------------------------------------- In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or Scalable Vector Graphics) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system,SVG files are handled by Internet Explorer by default. From a file format point... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21971&rss *** Sicherheitspatch: Western Digital My Cloud Mirror empfänglich für Schadcode *** --------------------------------------------- Besitzer des Netzwerkspeichers sollten aus Sicherheitsgründen prüfen, dass sie die aktuelle Firmware installiert haben. --------------------------------------------- https://heise.de/-3606909 *** Trojan Transforms Linux Devices into Proxies for Malicious Traffic *** --------------------------------------------- Security researchers have uncovered a new trojan that targets Linux devices that is capable of transforming infected machines into proxy servers and relay malicious traffic, hiding the true origin of attacks or other nefarious activities. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/trojan-transforms-linux-devi… *** Capturing Pattern-Lock Authentication *** --------------------------------------------- Interesting research -- "Cracking Android Pattern Lock in Five Attempts": Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed u sing a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer... --------------------------------------------- https://www.schneier.com/blog/archives/2017/01/capturing_patte.html *** Wartungsarbeiten Dienstag, 31. 1. 2017 *** --------------------------------------------- http://www.cert.at/services/blog/20170125134029-1890.html *** Detecting threat actors in recent German industrial attacks with Windows Defender ATP *** --------------------------------------------- When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, giving them persistent access to the conglomerate's network as early... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors… *** Lücke in Samsung-Handys: Endlos-Bootschleife durch Killer-SMS *** --------------------------------------------- Samsung hat eine Lücke in älteren Geräten gestopft, die missbraucht werden kann, diese in eine Bootschleife zu versetzen und Angreifern wahrscheinlich auch die Möglichkeit gibt, Schadcode auszuführen. Geräte anderer Hersteller sind wohl noch verwundbar. --------------------------------------------- https://heise.de/-3607266 *** DFN-CERT-2017-0142: Mozilla Firefox, Firefox ESR, Tor Browser: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0142/ *** IDM 4.5 SAP User Driver Version 4.0.1.0 *** --------------------------------------------- Abstract: Patch update for the NetIQ Identity Manager SAP User Manager driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 or later to use this driver. You should only use this patch if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP User Manager driver for JCO3. Future versions of IDM do not support SAP JCO2.Document ID: 5269090Security Alert:... --------------------------------------------- https://download.novell.com/Download?buildid=juq3iF7EF5o~ *** Citrix Provisioning Services Multiple Security Updates *** --------------------------------------------- https://support.citrix.com/article/CTX219580 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- https://support.citrix.com/article/CTX220112 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Security Vulnerability affecting FileNet Content Manager and IBM Content Foundation (CVE-2013-5462) *** http://www.ibm.com/support/docview.wss?uid=swg21994241 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector for SAP Applications (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996483 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor *** http://www-01.ibm.com/support/docview.wss?uid=swg21997196 --------------------------------------------- *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Authentication Bypass Vulnerability in the Find Phone Function of some Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Security Advisory - Two Security Vulnerabilities in Huawei EMUI *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Browser Extension Remote Code Execution Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** HP Security Bulletins *** --------------------------------------------- *** Bugtraq: [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information *** http://www.securityfocus.com/archive/1/540044 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access *** http://www.securityfocus.com/archive/1/540048 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) *** http://www.securityfocus.com/archive/1/540047 --------------------------------------------- *** Bugtraq: [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities *** http://www.securityfocus.com/archive/1/540046 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 24-01-2017
by Daily end-of-shift report 24 Jan '17

24 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 23-01-2017 18:00 − Dienstag 24-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Java: Das Ende von MD5 und SHA-1 naht *** --------------------------------------------- Oracle hat angekündigt, dass mit seinem nächsten Quartalsupdate MD5 für die Signatur von JAR-Paketen ausgemustert wird. Ebenso soll das JDK nur noch in Ausnahmen SHA-1-Zertifikate anerkennen. --------------------------------------------- https://heise.de/-3606356 *** Elga ist laut Experten leicht zu hacken *** --------------------------------------------- Personal braucht für Zugriff nur ein Passwort. Das sei zu wenig, warnt ein Fachmann. --------------------------------------------- https://kurier.at/chronik%2Foesterreich/elga-ist-laut-experten-leicht-zu-ha… *** Sicherheitsupdate: Apple patcht Root-Exploits für fast alle Plattformen *** --------------------------------------------- Apple hat umfangreiche Sicherheitsupdates für alle Plattformen herausgegeben. Ein Root-Exploit im Kernel betrifft zahlreiche Geräte, darüber hinaus gibt es viele Fehler in Webkit und in verschiedenen Bibliotheken. --------------------------------------------- http://www.golem.de/news/sicherheitsupdate-apple-patcht-root-exploits-fuer-… *** Charger mobile ransomware steals contacts and SMS messages *** --------------------------------------------- Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/24/charger-mobile-ransomware/ *** Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution *** --------------------------------------------- TL;DR: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target users system. --------------------------------------------- https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 *** Microsoft Reveals Windows Defender Security Center Scheduled for Creators Update *** --------------------------------------------- The Windows 10 Creators Update scheduled for launch later this year will include an upgrade of the default Windows Defender antivirus, which will feature a new settings panel named the Windows Defender Security Center. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-windows-d… *** Furby Rickroll demo: what fresh hell is this? *** --------------------------------------------- Toy-makers, please quit this rubbish, youre NO GOOD at security Heres your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/24/furby_rickr… *** HummingBad Android Malware Found in 20 Google Play Store Apps *** --------------------------------------------- HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Googles security checks. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/hummingbad-android-malware-f… *** Advice to a New SCADA Engineer *** --------------------------------------------- Target Audience As I have come in contact with those new to industrial control systems - whether they be supervisor control and data acquisition (SCADA) systems, building automation, process automation, or what not - I have come to the conclusion that whether the individual is trade school educated or college educated, they are not prepared... --------------------------------------------- http://resources.infosecinstitute.com/advice-to-a-new-scada-engineer/ *** How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd) *** --------------------------------------------- I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And well, this also makes good material for my IPv6 class [2]. This is supposed to entice you to play and experiment. Let me know if you find anything neat. Fragmentation is a necessary evil of packet networking. Packets will... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21963&rss *** Gefälschte A1 Online-Rechnung verbirgt Schadsoftware *** --------------------------------------------- Kriminelle versenden eine gefälschte A1 Online-Rechnung. Darin nennen sie ein hohes Verbindungsentgelt und das verbrauchte Datenvolumen. Der Nachricht ist die Datei "rechnung_1.zip" beigefügt. Sie verbirgt Schadsoftware. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-onl… *** Ein Jahr alte Root-Schwachstelle in Systemd aufgetaucht *** --------------------------------------------- Die Entwickler des Init-Systems Systemd haben im vergangenen Jahr eine Lücke geschlossen, über die ein Angreifer Root-Rechte erlangen kann. Allerdings wurde diese Lücke zuerst unterschätzt und blieb unbeachtet. --------------------------------------------- https://heise.de/-3606599 *** Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95705 *** EMC Avamar Data Store and Avamar Virtual Edition File Ownership Error Lets Local Users Obtain Root Privileges *** --------------------------------------------- http://www.securitytracker.com/id/1037667 *** RSA Security Analytics Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037666 *** DFN-CERT-2017-0137: Apache Software Foundation Tomcat: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0137/ *** Security Advisory 2017-01: Security Update for OTRS Business Solution *** --------------------------------------------- January 24, 2017 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. --------------------------------------------- https://www.otrs.com/security-advisory-2017-01-security-update-otrs-busines… *** DFN-CERT-2017-0136: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. eine Privilegieneskalation *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0136/ *** Forthcoming OpenSSL releases *** --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2k, 1.1.0d. These releases will be made available on 26th January 2017 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "moderate". --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html *** F5 Security Advisories *** --------------------------------------------- *** Security Advisory: OpenSSH vulnerability CVE-2016-10009 *** https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31440025.html?… --------------------------------------------- *** Security Advisory: OpenSSH vulnerability CVE-2016-10010 *** https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64292204.html?… --------------------------------------------- *** Security Advisory: PHPMailer vulnerability CVE-2016-10033 *** https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74977440.html?… --------------------------------------------- *** Apple Security Updates *** --------------------------------------------- *** macOS Sierra 10.12.3 *** https://support.apple.com/kb/HT207483 --------------------------------------------- *** iOS 10.2.1 *** https://support.apple.com/kb/HT207482 --------------------------------------------- *** tvOS 10.1.1 *** https://support.apple.com/kb/HT207485 --------------------------------------------- *** watchOS 3.1.3 *** https://support.apple.com/kb/HT207487 --------------------------------------------- *** iCloud for Windows 6.1.1 *** https://support.apple.com/kb/HT207481 --------------------------------------------- *** Safari 10.0.3 *** https://support.apple.com/kb/HT207484 --------------------------------------------- *** iTunes 12.5.5 for Windows *** https://support.apple.com/kb/HT207486 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in sudo affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024766 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in expat affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024767 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995440 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024768 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024769 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in QEMU affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024770 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in nettle affects PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024771 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024772 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024773 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect PowerKVM *** http://www.ibm.com/support/docview.wss?uid=isg3T1024775 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 23-01-2017
by Daily end-of-shift report 23 Jan '17

23 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 20-01-2017 18:00 − Montag 23-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** PowerShell 5.1 for Windows 7 and later , (Fri, Jan 20th) *** --------------------------------------------- Microsoft has released Windows Management Framework 5.1 for windows 7 and later. WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition.">">"> (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21957&rss *** Hotel zum vierten Mal von Hackern lahmgelegt *** --------------------------------------------- Das Seehotel Jägerwirt auf der Turracher Höhe ist bereits zum vierten Mal von Hackern heimgesucht und erpresst worden. Die elektronischen Zimmerschlüssel wurden lahmgelegt. Daher will man jetzt zu normalen Schlüsseln zurückkehren. --------------------------------------------- http://kaernten.orf.at/news/stories/2821290/ *** Stopping Malware With a Fake Virtual Machine *** --------------------------------------------- As we explained in a previous post, some advanced malware can detect a virtual environment such as a sandbox to avoid detection and analysis. Some threats can also detect monitoring tools used for malware analysis. Often such malware will not execute or change their behavior to appear harmless. Because some malware uses these tactics, planting fake virtual machine artefacts or fake analysis tools on a system... --------------------------------------------- https://securingtomorrow.mcafee.com/mcafee-labs/stopping-malware-fake-virtu… *** Wartungsarbeiten Dienstag, 24. 1. 2017 *** --------------------------------------------- Am Dienstag, 24. Jänner 2017, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen. Es gehen dabei keine Daten (zb Emails) verloren, die Bearbeitung kann sich allerdings verzögern. --------------------------------------------- http://www.cert.at/services/blog/20170120104523-1882.html *** The Week in Ransomware - January 20th 2017 - Satan RaaS, Spora, Locky, and More *** --------------------------------------------- This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-janua… *** Sage 2.0 Ransomware, (Sat, Jan 21st) *** --------------------------------------------- Introduction On Friday 2017-01-20, I checked on a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware Id never seen before called Sage. More specifically, it was Sage 2.0." /> Shown above: Its always fun to find ransomawre thats not Cerber or Locky. Sage is yet another family of ransomware in an already crowded field. It was noted on BleepingComputer forums back in December 2016 [1, 2], and Sage is apparently a variant of... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21959&rss *** Symantec schlampt erneut mit TLS-Zertifikaten *** --------------------------------------------- Offenbar haben mehrere von Symantec betriebene Certificate Authorities (CAs) unberechtigterweise über 100 TLS-Zertifikate ausgestellt. Das kann ein Auslesen des Datenverkehrs von HTTPS-geschützten Websites durch Dritte ermöglichen. --------------------------------------------- https://heise.de/-3604190 *** Android permissions and hypocrisy *** --------------------------------------------- I wrote a piece a few days ago about how the Meitu app asked for a bunch of permissions in ways that might concern people, but which were not actually any worse than many other apps. The fact that Android makes it so easy for apps to obtain data thats personally identifiable is of concern, but in the absence of another stable device identifier this is the sort of thing that capitalism is inherently going to end up making use of. Fundamentally, this is Googles problem to fix. --------------------------------------------- http://mjg59.dreamwidth.org/46403.html *** Researchers predict upsurge of Android banking malware *** --------------------------------------------- Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it. In fact, one has already been spotted. Masquerading as a variety of benign apps (e.g. Google Play) on third-party Android app markets, the Trojan - dubbed Android.BankBot.149.origin by Dr. Web researchers - is eminently capable. It can: Send and intercept text messages (including... --------------------------------------------- https://www.helpnetsecurity.com/2017/01/23/upsurge-android-banking-malware/ *** Massive Twitter Botnet Dormant Since 2013 *** --------------------------------------------- Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered. --------------------------------------------- http://threatpost.com/massive-twitter-botnet-dormant-since-2013/123246/ *** Heartbleed: OpenSSL hört nicht auf zu bluten *** --------------------------------------------- Eine Analyse der öffentlich im Internet erreichbaren Systeme zeigt, dass immer noch Hunderttausende für die OpenSSL-Lücke Heartbleed anfällig sind. Die bald drei Jahre alte Lücke findet sich demnach hauptsächlich in Mietservern der Cloud. --------------------------------------------- https://heise.de/-3605222 *** QNAP Storage Devices Firmware Update Flaw Lets Remote Users Access the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037663 *** DSA-3769 libphp-swiftmailer - security update *** --------------------------------------------- Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, amailing solution for PHP, did not correctly validate user input. Thisallowed a remote attacker to execute arbitrary code by passingspecially formatted email addresses in specific email headers. --------------------------------------------- https://www.debian.org/security/2017/dsa-3769 *** DSA-3770 mariadb-10.0 - security update *** --------------------------------------------- Several issues have been discovered in the MariaDB database server. Thevulnerabilities are addressed by upgrading MariaDB to the new upstreamversion 10.0.29. Please see the MariaDB 10.0 Release Notes for furtherdetails:... --------------------------------------------- https://www.debian.org/security/2017/dsa-3770 *** DFN-CERT-2017-0123: OpenJPEG: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0123/ *** Security Notice - Statement on Flanker Revealing Privilege Elevation Vulnerability in Huawei EMUI Keyguard Application *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170123-01-… *** Vuln: Red Hat JBoss Enterprise Application Platform CVE-2016-8627 Remote Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95698 *** Security Advisories Relating to Symantec Products - Norton Download Manager DLL Loading *** --------------------------------------------- Symantec has released an update to address a DLL loading vulnerability detected in the Norton Download Manager for affected products --------------------------------------------- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s… *** Vuln: Brocade Network Advisor CVE-2016-8204 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95695 *** Vuln: Brocade Network Advisor CVE-2016-8205 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95694 *** Vuln: Brocade Network Advisor CVE-2016-8206 Directory Traversal Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95692 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction (CVE-2016-5597, CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997219 --------------------------------------------- *** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991280 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099501 --------------------------------------------- *** IBM Security Bulletin: HTTP Response Splitting in WebSphere Application Server affects IBM Virtualization Engine TS7700 (CVE-2016-0359) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009661 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 20-01-2017
by Daily end-of-shift report 20 Jan '17

20 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 19-01-2017 18:00 − Freitag 20-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Satan: A new ransomware-as-a-service *** --------------------------------------------- Ransomware as a Service (RaaS) has been growing steadily since it made its debut in 2015 with Tox. With the new Satan .. --------------------------------------------- https://www.webroot.com/blog/2017/01/19/satan-new-ransomware-service *** DSA-3767 mysql-5.5 - security update *** --------------------------------------------- Several issues have been discovered in the MySQL database server. Thevulnerabilities are addressed by .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3767 *** Unbreakable Locky ransomware is on the march again *** --------------------------------------------- Necrus botnet wakes up and starts fresh malware-cano Cisco is warning of possible return of a massive ransomware spam .. --------------------------------------------- www.theregister.co.uk/2017/01/20/locky_ransomware_horrorshow_returns/ *** Internetsicherheit 2016: Erpressungstrojaner boomen in Österreich *** --------------------------------------------- Unternehmen verstärkt im Visier von DDOS-Erpressern – Geheimdienste verstärkt tätig --------------------------------------------- http://derstandard.at/2000051229037 *** Angebliche Backdoor: Kryptographen kritisieren Whatsapp-Bericht des Guardian *** --------------------------------------------- Die Diskussion um die angebliche Backdoor in Whatsapp reißt nicht ab. Bekannte Sicherheitsforscher wie .. --------------------------------------------- http://www.golem.de/news/angebliche-backdoor-kryptographen-kritisieren-what… *** Social Engineering: Neue Angriffsmethode richtet sich gegen Firmen *** --------------------------------------------- In den letzten Tagen wurden der Melde- und Analysestelle Informationssicherung MELANI mehrere Fälle gemeldet, bei denen Betrüger Firmen anrufen, sich als .. --------------------------------------------- https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/social-… *** Achtung: Große Anzahl von Netgear-Routern lässt sich über Admin-Interface kapern *** --------------------------------------------- Gleich 30 Router-Modelle von Netgear enthalten eine Schwachstelle, die es Angreifern ermöglicht, die Admin-Passwörter der Geräte auszulesen und diese komplett zu übernehmen. Die Updates des Herstellers sollten umgehend eingespielt werden. --------------------------------------------- https://heise.de/-3603918 *** Wieder Ermittlungen gegen Skidata im Betriebsspionage-Verfahren *** --------------------------------------------- http://derstandard.at/2000051248975 *** ZDI-17-044: Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations .. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-044/ *** ZDI-17-045: Adobe Reader DC XSLT apply-templates Heap-based Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-045/ *** ZDI-17-053: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability *** --------------------------------------------- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-053/

1 0

Tageszusammenfassung - Donnerstag 19-01-2017
by Daily end-of-shift report 19 Jan '17

19 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 18-01-2017 18:00 − Donnerstag 19-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Who is Anna-Senpai, the Mirai Worm Author? *** --------------------------------------------- On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that .. --------------------------------------------- https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-autho… *** Docker Patches Container Escape Vulnerability *** --------------------------------------------- Docker has patched a privilege escalation vulnerability that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container. --------------------------------------------- http://threatpost.com/docker-patches-container-escape-vulnerability/123161/ *** Database Ransom Attacks Hit CouchDB and Hadoop Servers *** --------------------------------------------- For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-… *** Adobes naughty Chrome telemetry code had XSS problem *** --------------------------------------------- Since patched, but a bad look for Adobe when it cant even get snoopware right Adobes pushed out a fix for its already-controversial Chrome telemetry extension after Project Zeros Tavis Ormandy found an .. --------------------------------------------- www.theregister.co.uk/2017/01/19/adobe_telemetry_patch_patched_against_xss/ *** Insecure Hadoop installs next in net scum crosshairs *** --------------------------------------------- Because MongoDB, Elasticsearch ransomware attacks are sooo last week Rinse-and-repeat ransomware attacks on data services left unsecured by dozy sysadmins are now hitting Hadoop instances. --------------------------------------------- www.theregister.co.uk/2017/01/19/insecure_hadoop_installs_under_attack/ *** Ex-Sysadmin fordert 200.000 Dollar für Nennung von Passwort *** --------------------------------------------- US-amerikanisches College wirft ehemaligem Mitarbeiter Erpressung vor --------------------------------------------- http://derstandard.at/2000050946919 *** Apple’s malware problem is accelerating *** --------------------------------------------- For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the .. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/19/apple-malware-problem-accelerati… *** Viren, Spam und Computerausfälle betreffen IT-Sicherheit bei KMU *** --------------------------------------------- Fehlendes Wissen und Angst vor Kosten wichtigste Gründe, warum Situation nicht verbessert wird --------------------------------------------- http://derstandard.at/2000051117771 *** DSA-3766 mapserver - security update *** --------------------------------------------- It was discovered that mapserver, a CGI-based framework for Internetmap services, was vulnerable to a stack-based overflow. This issueallowed a remote user to crash the service, or potentially execute arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3766 *** Google veröffentlicht Riesen-Patch-Paket für Android *** --------------------------------------------- 94 einzelne Lücken, 10 kritische Sicherheitsprobleme; Googles Android Security Bulletin für den Januar hat es in sich. --------------------------------------------- https://heise.de/-3603108 *** Forcepoint: Carbanak nutzt Google-Dienste für Malware-Hosting *** --------------------------------------------- Wer seine Malware auf einem Command-und-Control-Server hostet, läuft Gefahr, von Firewall-Regeln erkannt zu werden. Die Carbanak-Gruppe liefert Kommandos daher über Google-Docs aus. --------------------------------------------- http://www.golem.de/news/forcepoint-carbanak-nutzt-google-dienste-fuer-malw… *** Hackingvorwürfe: "Deutschland stellt Russland als Aggressor dar" *** --------------------------------------------- Russisches Außenamt beschwert sich über deutsche Vorgangsweise: "Keine Beweise vorgelegt" --------------------------------------------- http://derstandard.at/2000051188487 *** Samsung SmartCam-Kameras sind Freiwild für Botnetz-Betreiber *** --------------------------------------------- Forscher haben vor Jahren Lücken in der SmartCam SNH-1011 entdeckt, die von Samsung nur unzureichend geflickt wurden. Nun sind die IP-Kameras erneut angreifbar. --------------------------------------------- https://heise.de/-3603201

1 0

Tageszusammenfassung - Mittwoch 18-01-2017
by Daily end-of-shift report 18 Jan '17

18 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 17-01-2017 18:00 − Mittwoch 18-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Critical Patch Update - January 2017 *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html *** vBulletin Malware – When Hackers Compete for Backdoor Control *** --------------------------------------------- A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had .. --------------------------------------------- https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-… *** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH and other third party software vulnerabilities affect NSM Appliance OS. *** --------------------------------------------- http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS *** Kill it with fire: US-CERT warns admins to dump Server Message Block *** --------------------------------------------- Shadow Brokers may have loosed a zero-day, so youre better safe than sorry The US computer emergency readiness team .. --------------------------------------------- www.theregister.co.uk/2017/01/18/uscert_warns_admins_to_kill_smb_after_shad… *** Do web injections exist for Android? *** --------------------------------------------- Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue .. --------------------------------------------- http://securelist.com/blog/research/77118/do-web-injections-exist-for-andro… *** In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope *** --------------------------------------------- 65 million: the number of times we’ve blocked mobile threats in 2016. By December 2016, the total number of unique samples of malicious Android apps we’ve collected and .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-thre… *** Last call to replace SHA-1 certificates *** --------------------------------------------- http://blog.sec-consult.com/2017/01/last-call-to-replace-sha-1-certificates… *** The Carbanak gang is with a new modus operandi, Google services as C&C *** --------------------------------------------- The infamous Carbanak cybercrime gang is back and is leveraging Google services for command-and-control of its malicious codes. The dreaded Carbanak cybercrime gang is back .. --------------------------------------------- http://securityaffairs.co/wordpress/55427/cyber-crime/carbanak-google-servi… *** Spora Ransomware Offers Victims Unique Payment Options *** --------------------------------------------- Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options. --------------------------------------------- http://threatpost.com/spora-ransomware-offers-victims-unique-payment-option… *** Kritische Lücken in Java & Co: Oracle wirft Riesen-Patchpaket ab *** --------------------------------------------- Das neueste Critical Patch Update von Oracle enthält unter anderem Sicherheitsupdates für Java, MySQL und VirtualBox. Wie immer gibt es Patches für fast alle Produkte des Herstellers. --------------------------------------------- https://heise.de/-3601613 *** Ancient Mac backdoor discovered that targets medical research firms *** --------------------------------------------- More secure than PC? Ha! Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities.… --------------------------------------------- ww.theregister.co.uk/2017/01/18/mac_malware/ *** Uncovering the Inner Workings of EyePyramid *** --------------------------------------------- Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner…

1 0

Tageszusammenfassung - Dienstag 17-01-2017
by Daily end-of-shift report 17 Jan '17

17 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 16-01-2017 18:00 − Dienstag 17-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Who's winning the cyber war? The squirrels, of course *** --------------------------------------------- CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" can. --------------------------------------------- http://arstechnica.com/information-technology/2017/01/whos-winning-the-cybe… *** Dodgy Dutch developer built backdoors into thousands of sites *** --------------------------------------------- Then hoovered out users personal data, stole identities galore and spent up big Dutch police are this week warning 20,000 users that their email accounts were hacked after .. --------------------------------------------- www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_b… *** [2017-01-17] Cross site scripting in TYPO3 CMS extension "Recommend page" *** --------------------------------------------- The "Recommend page" extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Erpressung ist (immer noch) in! *** --------------------------------------------- Das neue Jahr bringt sicherlich wieder viele technische Neuerungen und (potentiell unsägliche) Trends mit sich. Eines bleibt leider unverändert: Erpressung ist in.Neben DDoS-Drohungen und Ransomware in .. --------------------------------------------- http://www.cert.at/services/blog/20170117104444-1861.html *** CryptoSearch: Tool findet und sammelt von Ransomware verschlüsselte Dateien zur Verwahrung ein *** --------------------------------------------- Wenn ein Erpressungs-Trojaner Daten in seine Gewalt gebracht hat, hoffen Opfer auf ein kostenloses Entschlüsselungstool - wann und ob überhaupt eins kommt, ist aber oft unklar. Ein Windows-Tool sammelt und archiviert bis dahin betroffene Dateien. --------------------------------------------- https://heise.de/-3597757 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of ... --------------------------------------------- https://support.citrix.com/article/CTX219378 *** Free-to-Play: Forum von Clash-of-Clans-Betreiber gehackt *** --------------------------------------------- Erneut ist ein vBulletin-Forum gehackt worden. Betroffen sind vermutlich 1,1 Millionen Nutzer von Supercell-Foren. Der Spielehersteller vertreibt populäre Titel wie Clash of Clans und Clash Royale. --------------------------------------------- http://www.golem.de/news/free2play-forum-von-clash-of-clans-betreiber-gehac… *** The Line of Death *** --------------------------------------------- When building applications that display untrusted content, security designers have a major problems if an attacker has full control of a block of pixels, he can make those pixels look .. --------------------------------------------- https://textslashplain.com/2017/01/14/the-line-of-death/

1 0

Tageszusammenfassung - Montag 16-01-2017
by Daily end-of-shift report 16 Jan '17

16 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 13-01-2017 18:00 − Montag 16-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Hardening Windows 10 with zero-day exploit mitigations *** --------------------------------------------- Cyber attacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-wi… *** WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs *** --------------------------------------------- According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for .. --------------------------------------------- http://securityaffairs.co/wordpress/55308/breaking-news/wordpress-4-7-1-rel… *** DSA-3764 pdns - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in pdns, an authoritativeDNS server. The Common Vulnerabilities and Exposures project identifiesthe following .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3764 *** DSA-3763 pdns-recursor - security update *** --------------------------------------------- Florian Heinz and Martin Kluge reported that pdns-recursor, a recursiveDNS server, parses all records present in a query regardless of whetherthey are .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3763 *** Backup Files Are Good but Can Be Evil *** --------------------------------------------- Since we started to work with computers, we always heard the following advice: Make backups!. Everytime you have to change something in a file or an application, first make a backup of the existing resources (code, configuration files, data). But, .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21935 *** Compliance: Deutsche Bank verbannt Whatsapp und SMS von Diensthandys *** --------------------------------------------- Mitarbeiter der Deutschen Bank können künftig nicht mehr untereinander per Whatsapp oder SMS kommunizieren. Die Apps sollen von den Geräten der Mitarbeiter entfernt werden - weil es die Behörden so wollen. --------------------------------------------- http://www.golem.de/news/compliance-deutsche-bank-verbannt-whatsapp-und-sms… *** DSA-3765 icoutils - security update *** --------------------------------------------- Several programming errors in the wrestool tool of icoutils, a suiteof tools to create and extract MS Windows icons and .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3765 *** Rätselraten um NSA-Waffenhändler "Shadow Brokers" *** --------------------------------------------- Hacker- Gruppe kündigte Rückzug an – lauter werdende Gerüchte um Verbindungen nach Russland --------------------------------------------- http://derstandard.at/2000050751646 *** Datendiebstahl bei den iPhone-Hackern Cellebrite *** --------------------------------------------- Die Firma, die die Verschlüsselung des iPhones für das FBI geknackt haben soll, wurde Opfer eines Datendiebstahls. 900 GB an Daten sind gestohlen worden. --------------------------------------------- https://futurezone.at/digital-life/datendiebstahl-bei-den-iphone-hackern-ce… *** Cyberangriffe zu deutschem Wahlkampf befürchtet: Abwehrzentrum geplant *** --------------------------------------------- Bundestagspräsident: "Was technisch möglich ist, findet auch statt" --------------------------------------------- http://derstandard.at/2000050779644 *** Google reveals its servers all contain custom security silicon *** --------------------------------------------- Even the servers it colocates (!) says new docu revealing Alphabet subs security secrets Google has published a Infrastructure Security Design Overview that explains how it secures .. --------------------------------------------- www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_cus… *** Blackberry DTEK60 im (Sicherheits-)Test: Sicher, weil isso! *** --------------------------------------------- Blackberry will die Quadratur des Kreises schaffen: ein sicheres Android-Smartphone. Leider stellt der Hersteller wenig Informationen bereit und verwirrt Nutzer teils unnötig. --------------------------------------------- http://www.golem.de/news/blackberry-60-im-sicherheits-test-sicher-weil-isso… *** New Gmail phishing technique fools even tech-savvy users *** --------------------------------------------- An effective new phishing attack is hitting Gmail users and tricking many into inputing their Gmail credentials into a fake login page. How the attack unfolds The phishers start by compromising a Gmail account, then they rifle through the emails .. --------------------------------------------- https://www.helpnetsecurity.com/2017/01/16/new-gmail-phishing-attack-fools-… *** 35 Jahre C64: Die Geburtsstunde der "Cracker" und Kopierer *** --------------------------------------------- In den 1980er-Jahren war es in Österreich vergleichsweise schwer, überhaupt Software zu kaufen --------------------------------------------- http://derstandard.at/2000049895466 *** Cartapping: Autos werden seit 15 Jahren digital verwanzt *** --------------------------------------------- Um den Standort eines Autos zu überwachen, muss längst keine GPS-Wanze mehr angebracht werden. In den USA wird das offenbar schon lange mithilfe der intelligenten Navigations- und Bordsysteme praktiziert. --------------------------------------------- http://www.golem.de/news/cartapping-autos-werden-seit-15-jahren-digital-ver… *** We reverse engineered 16k apps, here’s what we found *** --------------------------------------------- In Nov’16, we created an online tool to reverse engineer any android app to look for secrets. This tool was built because of an internal need — we were constantly required to reverse .. --------------------------------------------- https://medium.com/@mkagenius/afdccb592b81 *** Mailserver Dovecot: erfolgreiches Sicherheits-Audit *** --------------------------------------------- Als weitestgehend sicher stuft das Berliner IT-Sicherheitsunternehmen Cure53 den Mailserver Dovecot ein. In Auftrag gegeben hatte diese Untersuchung die Mozilla Foundation. --------------------------------------------- https://heise.de/-3596977

1 0

Tageszusammenfassung - Freitag 13-01-2017
by Daily end-of-shift report 13 Jan '17

13 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 12-01-2017 18:00 − Freitag 13-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Critical Patch Update - January 2017 - Pre-Release Announcement *** --------------------------------------------- http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html *** EMET 5.52 update is now available *** --------------------------------------------- EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to... --------------------------------------------- https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-… *** Marlboro Ransomware Defeated in One Day *** --------------------------------------------- A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated… *** Angriffe auf VoIP-Gateways von beroNet, Patch sorgt für Sicherheit *** --------------------------------------------- Angreifer entdeckten eine Schwachstelle in den VoIP-Gateways des Berliner Herstellers beroNet und nutzen diese seit kurzem aus, um die Rechnungen ihrer Opfer in die Höhe zu treiben. Ein Patch des Herstellers stopft das Sicherheitsloch. --------------------------------------------- https://heise.de/-3594737 *** November-December 2016 *** --------------------------------------------- The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months --------------------------------------------- https://ics-cert.us-cert.gov/monitors/ICS-MM201612 *** Wie sich Banken vor Cyberangriffen schützen *** --------------------------------------------- Olaf Schwarz, Information Security Officer bei der Direktbank ING DiBa Austria über Cyberangriffe auf Banken, Ransomware und Sicherheitsschulungen für Mitarbeiter. --------------------------------------------- https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schue… *** Whos Attacking Me?, (Fri, Jan 13th) *** --------------------------------------------- I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. Its a network reconnaissance framework that includes: Passive recon features (via flow analysis coming from Bro or Nfdump Fingerprinting analysis Active recon (via Nmapor Zmap) Import tools (from Nmap or Masscan) I deployed this tool and feed it with... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21933&rss *** MongoDB Hijackers Move on to ElasticSearch Servers *** --------------------------------------------- After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to… *** Schlüsselaustausch: Aufregung um angebliche Whatsapp-Backdoor *** --------------------------------------------- Hat Whatsapp eine Backdoor? Das behaupten zumindest ein Sicherheitsforscher und der Guardian. Tatsächlich könnte es auch eine weniger spektakuläre Erklärung geben. --------------------------------------------- http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsa… *** Ploutus ATM Malware: Press F3 for Money *** --------------------------------------------- Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3… *** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware *** --------------------------------------------- Cybersecurity experts obsessively repeat two types of advice: Use stronger passwords. Update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure... --------------------------------------------- https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated… *** DSA-3761 rabbitmq-server - security update *** --------------------------------------------- It was discovered that RabbitMQ, an implementation of the AMQPprotocol, didnt correctly validate MQTT (MQ Telemetry Transport)connection authentication. This allowed anyone to login to an existinguser account without having to provide a password. --------------------------------------------- https://www.debian.org/security/2017/dsa-3761 *** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95412 *** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95417 *** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information *** --------------------------------------------- A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE SiteScope resulting in remote disclosure of information, also known as the SWEET32 attack. --------------------------------------------- https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403 *** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95423 *** Security Advisory: BIND vulnerability CVE-2016-9147 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?… *** Security Advisory: BIND vulnerability CVE-2016-9131 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?… *** Security Advisory: BIND vulnerability CVE-2016-9444 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?… *** PowerDNS Security Fixes *** --------------------------------------------- PowerDNS Recursor 4.0.4 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.ht… --------------------------------------------- PowerDNS Recursor 3.7.4 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.ht… --------------------------------------------- PowerDNS Authoritative Server 4.0.2 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.ht… --------------------------------------------- PowerDNS Authoritative Server 3.4.11 released https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.ht… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology *** https://www.ibm.com/support/docview.wss?uid=swg21997084 --------------------------------------------- *** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool. (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21997055 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. *** http://www.ibm.com/support/docview.wss?uid=swg21994499 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. *** http://www.ibm.com/support/docview.wss?uid=swg21997063 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996950 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996968 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997156 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 12-01-2017
by Daily end-of-shift report 12 Jan '17

12 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 11-01-2017 18:00 − Donnerstag 12-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Personalisierte card complete-Phishingmail *** --------------------------------------------- Eine personalisierte cardcomplete-Phishingmail, die EmpfÄnger/innen direkt beim Namen benennt, ist im Umlauf. In dieser behaupten Kriminelle, dass es zu verdÄchtigen Transaktionen gekommen sei, weshalb Kund/innen sich auf einer Website legitimieren sollen. Es handelt sich um einen Versuch, mit dem Kriminelle an fremde Kreditkartendaten gelangen wollen. --------------------------------------------- https://www.watchlist-internet.at/phishing/personalisierte-card-complete-ph… *** The Most Dangerous User Right You (Probably) Have Never Heard Of *** --------------------------------------------- One user right I overlooked, until Ben Campbell's post on constrained delegation, was SeEnableDelegationPrivilege. This right governs whether a user account can "Enable computer and user accounts to be trusted for delegation." Part of the reason I overlooked it is stated right in the documentation:... --------------------------------------------- http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-y… *** Sicherheitsloch im Herzschrittmacher *** --------------------------------------------- Ein Firmware-Update soll Patienten mit Herzschrittmachern oder implantierten Defibrillatoren davor schützen, dass Hacker die Kontrolle über die Geräte übernehmen. Es gibt jedoch Zweifel daran, dass die Geräte nach dem Update sicher sind. --------------------------------------------- https://heise.de/-3593932 *** Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension *** --------------------------------------------- An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the users Chrome browser. There is no mention of this "special package" on Acrobats changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page theyre on as a PDF file and share... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/s_zCwl6BNOY/latest-adobe-ac… *** Some tools updates, (Thu, Jan 12th) *** --------------------------------------------- A coupleof tools were updated and release today. Network Miner was updated. Version 2.1 is not available for download. Network Miner is packet sniffer/analyzer focused on extracting application layer forensic artifacts. The update adds new protocols and enhances email reassembly options. http://www.netresec.com/?page=Blogmonth=2017-01post=NetworkMiner-2-1-Releas… BlackhillsInformation Security released a Powershellversion of theDNSCAT2client. DNSCAT2 is a popular command and control tool... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21925&rss *** System Resource Utilization Monitor, (Thu, Jan 12th) *** --------------------------------------------- The attackers have come and gone and youare left behind to clean up the mess. You arrive on site to figure out how the bad guysgot in, what they took and how badly it will affect the customer. But, the customer doesnt syslog the firewall logs, so youare limited to the three days of logs that are held in thefirewalls memory. The Windows Event logs on most of the systems roll over every 5 minutes, and there is no centralized long term logging. There is no IDS. There is no full packet capture. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21927&rss *** Hintergrund: Open Bug Bounty: Sicherheitslücken gegen Prämie *** --------------------------------------------- heise Security machte nicht ganz freiwillig Bekanntschaft mit einer bisher weitgehend unbekannten Plattform, auf der Hacker und andere Forscher Sicherheitslücken melden können. --------------------------------------------- https://heise.de/-3593886 *** Ansible: Update soll kritischen Fehler in den 2.x-Versionen beheben *** --------------------------------------------- Da die Schwachstelle als hohes Risiko eingestuft wird, haben die Macher Release Candidates der Versionen 2.1.4 und 2.2.1 veröffentlicht, die den Fehler beheben. --------------------------------------------- https://heise.de/-3594254 *** Rent an IP, Own a Domain *** --------------------------------------------- The other day I was on a mission to locate a contact of mine that lived nearby. I had an address, but no phone, or email address. So I got the GPS out, programmed in the address, and away I went. Arriving at the location, I turned into the driveway, and it was an apartment... --------------------------------------------- https://blog.domaintools.com/2017/01/rent-an-ip-own-a-domain/ *** WordPress 4.7.1 Security and Maintenance Release *** --------------------------------------------- This is a security release for all previous versions and we strongly encourage you to update your sites immediately. --------------------------------------------- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance… *** Bugtraq: ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) *** --------------------------------------------- http://www.securityfocus.com/archive/1/540011 *** Vuln: libgit2 badssl.c Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95354 *** Bugtraq: IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced *** --------------------------------------------- http://www.securityfocus.com/archive/1/540003 *** Vuln: Zimbra CVE-2016-3403 Multiple Cross Site Request Forgery Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/95383 *** NetIQ Privileged Account Manager 3.0.1 HF3 (3.0.1-3) *** --------------------------------------------- Abstract: NetIQ Privileged Account Manager 3.0.1 Hot Fix 3 (3.0.1.3). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release addresses does not contain new features.Document ID: 5267862Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:netiq-npam-packages-3.0.1-3.tar.gz (175.63 MB)Products:Privileged Account Manager 3.0.1Superceded Patches:NetIQ Privileged Account Manager 3.0.1 HF 1NetIQ Privileged --------------------------------------------- https://download.novell.com/Download?buildid=Ciuap7psZuo~ *** DFN-CERT-2017-0054: ISC BIND: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0054/ *** Vuln: SAP NetWeaver XML External Entity Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95373 *** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95367 *** Juniper Security Advisories *** --------------------------------------------- *** JSA10772 - 2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303) *** http://kb.juniper.net/index?page=content&id=JSA10772&actp=RSS --------------------------------------------- *** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH vulnerabilities affect NSM Appliance OS. *** http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS --------------------------------------------- *** JSA10773 - 2017-01 Security Bulletin: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600: Etherleak memory disclosure in Ethernet padding data (CVE-2017-2304) *** http://kb.juniper.net/index?page=content&id=JSA10773&actp=RSS --------------------------------------------- *** JSA10771 - 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302) *** http://kb.juniper.net/index?page=content&id=JSA10771&actp=RSS --------------------------------------------- *** JSA10770 - 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16.1R1 release. *** http://kb.juniper.net/index?page=content&id=JSA10770&actp=RSS --------------------------------------------- *** JSA10769 - 2017-01 Security Bulletin: Junos: Denial of service vulnerability in jdhcpd due to crafted DHCPv6 packets (CVE-2017-2301) *** http://kb.juniper.net/index?page=content&id=JSA10769&actp=RSS --------------------------------------------- *** JSA10768 - 2017-01 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted multicast packets (CVE-2017-2300) *** http://kb.juniper.net/index?page=content&id=JSA10768&actp=RSS --------------------------------------------- *** IBM Security Bulletin *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) IBM Java SDK updates October 2016 *** http://www-01.ibm.com/support/docview.wss?uid=swg21995972 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics *** http://www-01.ibm.com/support/docview.wss?uid=swg21995049 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994521 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LMS 6.0 on Cloud *** http://www.ibm.com/support/docview.wss?uid=swg21992072 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 11-01-2017
by Daily end-of-shift report 11 Jan '17

11 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 10-01-2017 18:00 − Mittwoch 11-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** How to secure MongoDB - because it isnt by default and thousands of DBs are being hacked *** --------------------------------------------- Stop right now and make sure youve configured it correctly The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/mongodb_ran… *** Phishing per Autofill: Chrome, Safari, Opera und Erweiterungen wie LastPass angreifbar *** --------------------------------------------- Chromium-basierte Browser, Safari und beliebte Erweiterungen wie der Passwortmanager LastPass lassen sich austricksen, um mehr über den Nutzer preiszugeben, als dieser ahnt. --------------------------------------------- https://heise.de/-3593811 *** Injection of Unwanted Google AdSense Ads *** --------------------------------------------- During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It's not uncommon to see adult ads since networks that work with the porn industry usually allow a higher level of anonymity and have less strict guidelines (if any) on the quality... --------------------------------------------- https://blog.sucuri.net/2017/01/injection-unwanted-google-adsense-ads.html *** Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet *** --------------------------------------------- A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomwares most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated weve seen from ransomware authors as of yet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offli… *** Juniper warns: Borked upgrade opens root on firewalls *** --------------------------------------------- Turn it off and turn it back on again. No, really Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/juniper_war… *** Hancitor/Pony/Vawtrak malspam, (Wed, Jan 11th) *** --------------------------------------------- Introduction Until recently, I hadnt personally seen much malicious spam (malspam) using Microsoft office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, Ill find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. At least until yesterday. This diary describes a recent wave of Hancitor/Pony/Vawtrak... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21919&rss *** MS17-JAN - Microsoft Security Bulletin Summary for January 2017 - Version: 1.1 *** --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS17-JAN *** Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539992 http://www.securityfocus.com/archive/1/539993 http://www.securityfocus.com/archive/1/539995 *** Vuln: Ansible CVE-2016-9587 Arbitrary Command Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95352 *** VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates *** --------------------------------------------- Vulnerability Note VU#767208 ThreatMetrix SDK for iOS fails to validate SSL certificates Original Release date: 10 Jan 2017 | Last revised: 10 Jan 2017 Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity... --------------------------------------------- http://www.kb.cert.org/vuls/id/767208 *** DFN-CERT-2017-0041: BlackBerry Enterprise Server: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0041/ *** BSRT-2017-003 Vulnerability in WatchDox Server components impacts WatchDox by BlackBerry *** --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038915 *** DFN-CERT-2017-0045: WebKitGTK+: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0045/ *** GnuTLS Lets Remote Users Execute Arbitrary Code on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037576 *** DFN-CERT-2017-0047: GnuTLS: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0047/ *** Vuln: PHP CVE-2017-5340 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95371 *** Bugtraq: Bit Defender #39 - Auth Token Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/archive/1/539999 *** Vuln: Computer Associates Service Desk Manager CVE-2016-10086 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95366 *** Security Advisory - DoS Vulnerability in Multiple Huawei Products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-… *** Security Advisory - Camera DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-… *** Security Notice - Statement on SaifAllah BenMassaoud Revealing CSRF Security Vulnerability in Huawei B660 Routers *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170111-01-… *** Vuln: SAP Products *** --------------------------------------------- *** Vuln: SAP Single Sign On Denial of Service Vulnerability *** http://www.securityfocus.com/bid/95363 --------------------------------------------- *** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/95362 http://www.securityfocus.com/bid/95365 --------------------------------------------- *** Vuln: SAP NetWeaver AS JAVA getUserUddiElements SQL Injection Vulnerability *** http://www.securityfocus.com/bid/95364 --------------------------------------------- *** Vuln: SAP NetWeaver Application Server Java Portal App Component Cross Site Scripting Vulnerability *** http://www.securityfocus.com/bid/95368 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994471 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21995685 --------------------------------------------- *** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5881) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995122 --------------------------------------------- *** IBM Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009328 --------------------------------------------- *** IBM Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009593 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 10-01-2017
by Daily end-of-shift report 10 Jan '17

10 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 09-01-2017 18:00 − Dienstag 10-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Adobe Security Bulletins posted *** --------------------------------------------- Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1438 https://helpx.adobe.com/security/products/acrobat/apsb17-01.html https://helpx.adobe.com/security/products/flash-player/apsb17-02.html *** Rätselhafte Netzwerk-Aktivitäten mit GRE-Paketen *** --------------------------------------------- Aufmerksame Admins verzeichnen aktuell auf ihren VPN-Gateways und Firewalls eine Zunahme von scheinbar sinnlosen GRE-Paketen. Die Ursache ist bislang unklar. --------------------------------------------- https://heise.de/-3592231 *** Krebs's Immutable Truths About Data Breaches *** --------------------------------------------- Ive had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction. --------------------------------------------- https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-brea… *** Terror Exploit Kit? More like Error Exploit Kit *** --------------------------------------------- Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-lik… *** Über 1000 deutsche Online-Shops infiziert und angezapft *** --------------------------------------------- Bei über tausend deutschen Online-Shops ziehen Kriminelle jetzt gerade Kundendaten und Zahlungsinformationen ab - und das zum Teil schon seit Monaten. Laut BSI ignorieren viele Shop-Betreiber das Problem. --------------------------------------------- https://heise.de/-3592281 *** Datenklau an Geldautomaten steigt an, Schaden sinkt *** --------------------------------------------- Datendiebe haben an Geldautomaten in Deutschland wieder häufiger zugeschlagen. Trotz moderner Technik verursacht Skimming nach wie vor Millionenschäden. An anderer Stelle allerdings sind Bankkunden noch mehr gefährdet. --------------------------------------------- https://heise.de/-3592571 *** A Review of Cryptography - Part 1 *** --------------------------------------------- Overview of Last Articles Our last few articles have dealt with the science and technology of Biometrics. To review, it is merely the Verification and/or Identification of an individual based on their unique physiological traits or even behavioral mannerisms. This is probably one of the best forms of Security technology to use because it is... --------------------------------------------- http://resources.infosecinstitute.com/a-review-of-cryptography-part-1/ *** Two New Edge Exploits Integrated into Sundown Exploit Kit *** --------------------------------------------- Two recently published proof-of-concept exploits targeted Microsoft Edge were recently integrated into the Sundown Exploit Kit. --------------------------------------------- http://threatpost.com/two-new-edge-exploits-integrated-into-sundown-exploit… *** Port 37777 "MapTable" Requests, (Tue, Jan 10th) *** --------------------------------------------- Thanks to Born for noticing an increase in %%port:37777%% TCP traffic. He wrote a blog with some of the payloads he found, and after he notified us, I was able to confirm his observations in our honeypot [1]. First 32 bytes of the payload: c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 c. o. n. f. i. g 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP, ServiceName : HTTP }, { Enable : 1, InnerPort : 37777, OuterPort :... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21913&rss *** Vuln: DLink DGS-1100 Switch CVE-2016-10125 Local Hardcoded SSL Certificate Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95329 *** St. Jude Merlin@home Transmitter Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a channel accessible by non-endpoint vulnerability in St. Jude Medical's Merlin@home transmitter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01 *** Intel Ethernet Controller X710/XL710 NVM Security Vulnerability *** --------------------------------------------- A security vulnerability in the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05. --------------------------------------------- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&lang… *** DFN-CERT-2017-0034: Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0034/ *** Moodle 3.2.1 release notes *** --------------------------------------------- A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. --------------------------------------------- https://docs.moodle.org/dev/Moodle_3.2.1_release_notes *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21993856 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986) *** http://www.ibm.com/support/docview.wss?uid=swg21996503 --------------------------------------------- *** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3485) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995206 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995198 --------------------------------------------- *** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378) *** http://www.ibm.com/support/docview.wss?uid=swg21996502 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SnapDrive for Windows may Result in Disclosure of Sensitive Information （CVE-2015-8544） *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009256 ---------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily