Daily

daily@lists.cert.at

1 participants
3086 discussions

Tageszusammenfassung - Freitag 24-03-2017
by Daily end-of-shift report 24 Mar '17

24 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 23-03-2017 18:00 − Freitag 24-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** TROOPERS 2017 Day #4 Wrap-Up *** --------------------------------------------- I'm just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition. --------------------------------------------- https://blog.rootshell.be/2017/03/23/troopers-2017-day-4-wrap/ *** Google slaps Symantec for sloppy certs, slow show of SNAFUs *** --------------------------------------------- Certs will keep working, but Chrome will be suspicious, soon Googles Chrome development team has posted a stinging criticism of Symantecs certificate-issuance practices, saying it has lost confidence in the companys practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/03/24/google_slap… *** Referrer spoofing with iframe injection *** --------------------------------------------- Last year we've been playing with a very simple method to spoof the referrer on Edge, which allowed us of course to spoof the referrer and -as a bonus- other neat things like bypass the XSS filter. Today I found out that it was patched, so I decided to give it a try and find a way around the patch. Honestly I don't feel it's a bypass but clearly a variation. From a practical point of view, it works again and bypasses the patch... --------------------------------------------- https://www.brokenbrowser.com/referer-spoofing-patch-bypass/ *** VMSA-2017-0004.6 *** --------------------------------------------- VMware product updates resolve remote code execution vulnerability via Apache Struts 2 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0004.html *** Betrugsnetzwerk: Kinox.to-Nutzern Abofallen andrehen *** --------------------------------------------- Eine Betrugskampagne nutzt Sicherheitslücken im Stock-Browser von Android aus, um Nutzern Abofallen und Premiumdienste zuzuschieben. Die Betrüger bauen gefälschte Webshops auf, um legitim zu erscheinen. (Abofallen, Server) --------------------------------------------- https://www.golem.de/news/betrugsnetzwerk-mit-fake-webshops-kinox-to-nutzer… *** DFN-CERT-2017-0524/">F5 Networks BIG-IP Protocol Security Module (PSM): Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle im Traffic Management Microkernel (TMM) auf BIG-IP-Systemen durch die Versendung präparierten Netzwerkverkehrs für einen Denial-of-Service (DoS)-Angriff ausnutzen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0524/ *** Erpressung durch iCloud-Fernlöschung: Wie Sie Ihr iPhone schützen *** --------------------------------------------- Unbekannte drohen damit, wahllos iPhones zu löschen - wenn Apple nicht zahlt. Die Angreifer sind offenbar in Besitz von iCloud-Zugangsdaten. Mac & i erklärt, wie man sich gegen einen derartigen Angriff wappnen kann. --------------------------------------------- https://heise.de/-3663802 *** LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01 *** BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a hard-coded password vulnerability in the Becton, Dickinson and Company (BD) Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01 *** Vuln: libpcre Multiple Security Vulnerabilities *** --------------------------------------------- libpcre is prone to the following multiple security vulnerabilities: 1. A denial-of-service vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions. libpcre1 in PCRE 8.40 is vulnerable; other versions may also be affected. --------------------------------------------- http://www.securityfocus.com/bid/97067 *** DFN-CERT-2017-0526/">F5 Networks BIG-IP Protocol Security Module (PSM): Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- Ein lokaler, einfach authentisierter Angreifer mit erweiterten Privilegien kann sensitive Daten ausspähen, die seit dem letzten Neustart betroffener Geräte angefallen sind. Dazu gehören beispielsweise die Passwörter zu kürzlich erstellten Benutzerkonten. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0526/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console *** http://www.ibm.com/support/docview.wss?uid=nas8N1021868 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i *** http://www.ibm.com/support/docview.wss?uid=nas8N1021926 --------------------------------------------- *** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000152 --------------------------------------------- *** IBM Security Bulletin: A cross-site scripting vulnerablity has been addressed in IBM Kenexa LMS on Cloud 5.1 *** http://www.ibm.com/support/docview.wss?uid=swg21999483 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilties have been addressed in LCMS Premier on Cloud 11.0 *** http://www.ibm.com/support/docview.wss?uid=swg21998874 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5… ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 23-03-2017
by Daily end-of-shift report 23 Mar '17

23 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 22-03-2017 18:00 − Donnerstag 23-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Google: Die Hälfte aller Android-Geräte erhält unsere Sicherheitspakete nicht *** --------------------------------------------- Google macht Fortschritte im Kampf gegen Malware im Play Store, muss aber eingestehen, dass mehr als eine halbe Milliarde Android-Geräte die regelmäßigen Sicherheitsupdates der Firma nicht erhält. Viele dieser Geräte haben eklatante Sicherheitslücken. --------------------------------------------- https://heise.de/-3662665 *** AIX for Penetration Testers *** --------------------------------------------- This was my first encounter with privilege escalation on AIX and I was pretty surprised by how little information I found online on enumerating AIX systems. ... It took me a little time going through various AIX system administration guides and command cheatsheets (links at the bottom of the post) and putting together a list of various post-exploitation techniques to use on the box. I decided to put this blog-post up with the hope that it will one day help another clueless pentester/red teamer. --------------------------------------------- https://thevivi.net/2017/03/19/aix-for-penetration-testers/ *** Avatar Rootkit: Decryption of the Key and Data *** --------------------------------------------- In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below. --------------------------------------------- http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-… *** [R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities *** --------------------------------------------- Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. --------------------------------------------- http://www.tenable.com/security/tns-2017-09 *** Vuln: libavcodec CVE-2017-7206 Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/97006 *** VMware AirWatch Input Validation Flaw in Shared Filenames Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1038116 *** Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-… *** DFN-CERT-2017-0508/">Apple iTunes: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0508/ *** Vuln: NfSen CVE-2017-6972 Unspecified Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/97016 *** DFN-CERT-2017-0506/">NTP: Mehrere Schwachstellen ermöglichen u.a. die Auführung beliebigen Programmcodes mit den Rechten des Dienstes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0506/ *** DFN-CERT-2017-0518/">Samba: Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0518/ *** DFN-CERT-2017-0515/">Git: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0515/ *** DFN-CERT-2017-0520/">BIG-IP Protocol Security Module (PSM): Eine Schwachstelle ermöglicht einen Denial-of-Service Angriff *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0520/ *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153) *** http://www-01.ibm.com/support/docview.wss?uid=swg21999563 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology *** http://www.ibm.com/support/docview.wss?uid=swg21999820 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance *** http://www.ibm.com/support/docview.wss?uid=swg22000304 --------------------------------------------- *** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross-Site Scripting (XSS) (CVE-2016-9737) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996200 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996836 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) *** http://www.ibm.com/support/docview.wss?uid=swg22000209 --------------------------------------------- *** IBM Security Bulletin: IBM Jazz for Service Management (Jazz SM) is affected by a code execution vulnerability in IBM Tivoli Common Reporting (TCR) (CVE-2016-5983) *** http://www.ibm.com/support/docview.wss?uid=swg22000719 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 22-03-2017
by Daily end-of-shift report 22 Mar '17

22 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-03-2017 18:00 − Mittwoch 22-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Cybellum verkauft Autostart-Funktion als Zero-Day *** --------------------------------------------- Mit kräftigen Worten, einem eigenen Namen und Logo und dem Prädikat "Zero-Day" stellt Cybellum eine Technik vor, mit der sich Malware in einem Windows-System verankern lässt -- nachdem es bereits die Kontrolle übernommen hat. --------------------------------------------- https://heise.de/-3662090 *** QNAP Storage Devices Multiple Flaws Let Remote Users Inject SQL Commands, Steal Cookies, Conduct Cross-Site Scripting and Clickjacking Attacks, Obtain Potentially Sensitive Informaiton, and Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1038091 *** Vuln: Malware Information Sharing Platform CVE-2017-7215 Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96997 *** Vuln: Rockwell Automation FactoryTalk Activation CVE-2017-6015 Local Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96996 *** Security Advisory - Information Leak Vulnerability in Huawei Hilink APP *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Phishingversuch bei der FH Oberösterreich *** --------------------------------------------- In einer gefälschten FH OOE IT-SERVICE DESK-Nachricht heißt es, dass Empfänger/innen ihr Webmail-Konto bestätigen müssen. Dazu sollen sie eine Website aufrufen und ihre Zugangsdaten bekannt geben. Es handelt sich um einen Phishingversuch. Wer der Aufforderung nachkommt, übermittelt Kriminellen die Zugangsdaten des FH OÖ-Webmailkontos. --------------------------------------------- https://www.watchlist-internet.at/phishing/phishingversuch-bei-der-fh-obero… *** Avatar Rootkit: Dropper Analysis Part 2 *** --------------------------------------------- In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below. --------------------------------------------- http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-… *** Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Intermediate Mitigation Measures May be Required for Apache Struts Vulnerabilities *** --------------------------------------------- The general consensus among InfoSec professionals is to patch critical vulnerabilities such as Apache Struts as soon as a patch is made available by the vendor. So why mightn't your company simply patch Apache Struts and go on your merry way? Not all events can be remediated immediately. Very often, intermediate mitigation measures must be taken to lower the risk of exploit and protect assets very quickly. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/intermediate-mitigatio… *** Passwortklau-Lücke in Lastpass geschlossen (oder auch nicht) *** --------------------------------------------- Eine Sicherheitslücke im Passwort-Manager Lastpass erlaubt das Auslesen von Passwörtern. Unter Umständen kann der Angreifer auch Code ausführen. Es gibt Berichte, dass der Fix von Lasspass die Lücke bisher nicht erfolgreich geschlossen hat. --------------------------------------------- https://heise.de/-3661616 *** Code Execution Vulnerability Found in Libpurple IM Library *** --------------------------------------------- A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. ... Pidgin has been patched in version 2.12.0. --------------------------------------------- https://threatpost.com/code-execution-vulnerability-found-in-libpurple-im-l… *** Vuln: D-Link DIR-600M CVE-2017-5874 Cross Site Request Forgery Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96999 *** Apple-Erpressung: Hacker drohen angeblich mit Fernlöschung von iPhones *** --------------------------------------------- Das Ändern der PIN aus der Ferne ist bei iPhone und iPad allerdings nur möglich, wenn der Nutzer keine Code-Sperre für sein Gerät eingerichtet hat - die Aktivierung der Code-Sperre ist auch deshalb dringend zu empfehlen. Um den Zugriff auf die eigenen iCloud-Daten besser zu schützen, sollte Apples Zwei-Faktor-Authentifizierung aktiviert werden. Die Sicherheitsfunktion hilft allerdings nicht gegen das Fernsperren und Fernlöschen... --------------------------------------------- https://www.heise.de/mac-and-i/meldung/Apple-Erpressung-Hacker-drohen-angeb… *** SAP Vulnerability Puts Business Data at Risk for Thousands of Companies *** --------------------------------------------- Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week. --------------------------------------------- http://threatpost.com/sap-vulnerability-puts-business-data-at-risk-for-thou… *** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software HTTP Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Web User Interface Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOx Data in Motion Stack Overflow Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Application-Hosting Framework Directory Traversal Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-6056) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010022 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-7055, CVE-2017-3732) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000456 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access *** http://www.ibm.com/support/docview.wss?uid=swg21999797 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 in IBM i HTTP Server *** http://www.ibm.com/support/docview.wss?uid=nas8N1021918 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba, NTP and ISC BIND affect IBM Netezza Host Management *** http://www-01.ibm.com/support/docview.wss?uid=swg21997024 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 21-03-2017
by Daily end-of-shift report 21 Mar '17

21 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-03-2017 18:00 − Dienstag 21-03-2017 18:00 Handler: Petr Sikuta Co-Handler: Robert Waldner *** Kritische Sicherheitslücken in E-Learning-Plattform Moodle geschlossen *** --------------------------------------------- Moodle-Admins aufgepasst: Die Open-Source E-Learning-Plattform enthält Sicherheitslücken, welche es Angreifern ermöglichen, einen Moodle-Server zu kapern. --------------------------------------------- https://heise.de/-3660119 *** Personalized spam campaign targets Germany *** --------------------------------------------- The key detail of each message was the fact that the recipient's full name, mailing address, and telephone number were embedded in the middle of the message. --------------------------------------------- https://www.symantec.com/connect/blogs/personalized-spam-campaign-targets-g… *** Workaround? Abdrehen! *** --------------------------------------------- Langsam gibt es erste Details zu den 0-days, die im Vault-7-Leak enthalten sind.Betroffen sind u.A. Switche von Cisco. Patches sind noch nicht für alle Modelle verfügbar, laut Heise gibt es aber folgenden Workaround:Bis dahin empfiehlt der Hersteller Telnet auf betroffenen Geräte zu deaktivieren und bis zum Erscheinen des Patches auf SSH zu setzen. Das ist meiner Meinung nach viel zu kurz gegriffen. --------------------------------------------- http://www.cert.at/services/blog/20170321100440-1957.html *** OpenSSH Bugs Let Remote Users Decrypt Messages in Certain Cases and Let Remote Authenticated Users Create or Modify Files on the Target System *** --------------------------------------------- Impact: A remote authenticated server can create or modify files on the connected target user's system. A remote user may be able to decrypt messages in certain cases. Solution: The vendor has issued a fix (7.5). --------------------------------------------- http://www.securitytracker.com/id/1038071 *** Google: Zahl der gehackten Webseiten steigt rapide *** --------------------------------------------- Im Jahr 2016 wurden 32 Prozent mehr Webseiten gehackt, als im Jahr zuvor. Das geht aus den von Google erhobenen Daten zu infizierten Servern hervor. Die Firma gibt Webmastern deswegen Hilfestellung beim Verhindern von Hackerangriffen. --------------------------------------------- https://heise.de/-3660903 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000285 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000283 --------------------------------------------- *** IBM Security Bulletin: IBM Call Center for Commerce is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-6056) *** http://www.ibm.com/support/docview.wss?uid=swg22000442 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 20-03-2017
by Daily end-of-shift report 20 Mar '17

20 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-03-2017 18:00 − Montag 20-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Malicious Subdirectories Strike Again *** --------------------------------------------- In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim's database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique with a little bit more sophistication to achieve their goals. Essay Spam Campaign This technique is now being used to distribute --------------------------------------------- https://blog.sucuri.net/2017/03/malicious-subdirectories-strike-again.html *** Mimikatz: Walkthrough *** --------------------------------------------- Security researchers have been obsessed with Windows security since the beginning of time. Various tools have been released over the years which try to weaken the security/bypass it in some way or the other. Mimikatz is a tool written in `C` as an attempt to play with Windows security. --------------------------------------------- http://resources.infosecinstitute.com/mimikatz-walkthrough/ *** Doctor Web: It is possible to decrypt files encrypted with Trojan.Encoder.10465 *** --------------------------------------------- March 17, 2017 Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465. Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content: Warning!!! All your files are encrypted with AESalgorithm! --------------------------------------------- http://news.drweb.com/show/?i=11211&lng=en&c=9 *** Sicherheitsupdate in Sicht: Gravierende Telnet-Lücke bedroht zahlreiche Cisco-Switches *** --------------------------------------------- Offensichtlich hat Cisco den Vault-7-Leak analysiert und ist auf eine kritische Lücke in über 300 Modellen seiner Switch-Reihe mit IOS-Betriebsystem gestoßen. Bislang gibt es nur einen Workaround - ein Patch soll folgen. --------------------------------------------- https://heise.de/-3658915 *** RIPS - Finding vulnerabilities in PHP application *** --------------------------------------------- The biggest fear of any developer has always been that their site may get hacked and occasionally it does end up being hacked. For a very long time, the most popular stack being used for the development of website has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python). --------------------------------------------- http://resources.infosecinstitute.com/rips-finding-vulnerabilities-php-appl… *** Browser: Update der Ask.com-Toolbar verteilt Malware *** --------------------------------------------- Die meisten Nutzer dürften sich ohnehin nur fragen, wie sie die Ask.com-Toolbar im Browser am schnellsten wieder loswerden. Doch es gibt ein weiteres Problem: Der Update-Prozess des Programms ist notorisch für Sicherheitslücken anfällig. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/browser-update-der-ask-com-toolbar-verteilt-malwa… *** Gefälschte Virenwarnung auf dem Smartphone *** --------------------------------------------- Während der mobilen Nutzung des Smartphones erscheinen angebliche Virenwarnungen. Sie geben vor, dass das Endgerät mit Schadsoftware infiziert sei. Abhilfe schafft ein Schutzprogramm aus einer unbekannten Quelle. Es kann Schadsoftware installieren oder zu einem Abovertrag führen. --------------------------------------------- https://www.watchlist-internet.at/handy-abzocke/gefaelschte-virenwarnung-au… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDoS-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es auch, wenn Spock die Festplatte entschlüsseln soll. (Star Trek, Applikationen) --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s… *** Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024962 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, and v1.0.2. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547,CVE-2016-5548, CVE-2016-5549) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000014 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024961 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by an International Components for Unicode (ICU) vulnerability (CVE-2014-9911) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024958 --------------------------------------------- *** IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Query Parameter in SSL Request (CVE-2016-6102) *** http://www.ibm.com/support/docview.wss?uid=swg22000359 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus *** http://www.ibm.com/support/docview.wss?uid=swg22000536 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-03-2017
by Daily end-of-shift report 17 Mar '17

17 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-03-2017 18:00 − Freitag 17-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bugtraq: CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure *** --------------------------------------------- http://www.securityfocus.com/archive/1/540291 *** SSA-603476 (Last Update 2017-03-16): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476… *** Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy *** --------------------------------------------- Nearly three years ago, I wrote a post named “Pass-the-Hash is Dead: Long Live Pass-the-Hash” that detailed some operational implications of Microsoft’s KB2871997 patch. A specific sentence in the security advisory, “Changes to this feature .. --------------------------------------------- http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-loca… *** Chamois: Google deckt betrügerisches Werbenetzwerk auf *** --------------------------------------------- Adfraud ist ein weit verbreitetes Problem auf Android-Geräten. Google hat Details zu einem neu entdeckten Netzwerk bekanntgegeben, es soll das größte bislang bekannte sein. --------------------------------------------- https://www.golem.de/news/chamois-google-deckt-betruegerisches-werbenetzwer… *** Winzige Kameras auf Bankomaten spähen PINs aus *** --------------------------------------------- Die Londoner Polizei hat innerhalb kurzer Zeit mehrere Mini-Kameras entdeckt, die an Geldautomaten angebracht waren. --------------------------------------------- https://futurezone.at/digital-life/winzige-kameras-auf-bankomaten-spaehen-p… *** GitHub Code Execution Bug Fetches $18,000 Bounty *** --------------------------------------------- GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. --------------------------------------------- http://threatpost.com/github-code-execution-bug-fetches-18000-bounty/124378/ *** BSI: Schützt euer Owncloud vor Feuer und Wasser! *** --------------------------------------------- Das BSI beklagt, dass Nutzer von Owncloud und Nextcloud ihre Installationen nicht aktualisieren. Das liegt aber auch daran, dass die Updatefunktion oft fehlschlägt. Und die .. --------------------------------------------- https://www.golem.de/news/bsi-schuetzt-euer-owncloud-vor-feuer-und-wasser-1… *** Sieben Jahre alte Lücke im Linux-Kernel erlaubt Rechteausweitung *** --------------------------------------------- Über die Lücke können Angreifer außerdem den Kernel lahmlegen. Da die Lücke schon so lange im Code des Kernels schlummert, betrifft sie sehr viele Systeme. --------------------------------------------- https://heise.de/-3657912 *** Wettbewerb: Windows, MacOS, Linux und Browser gehackt *** --------------------------------------------- Bei der Veranstaltung Pwn2Own hacken IT-Security-Teams um die Wette. Insgesamt winken eine Million US-Dollar Preisgeld. --------------------------------------------- https://futurezone.at/digital-life/wettbewerb-windows-macos-linux-und-brows… *** Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDos-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es .. --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s…

1 0

Tageszusammenfassung - Donnerstag 16-03-2017
by Daily end-of-shift report 16 Mar '17

16 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-03-2017 18:00 − Donnerstag 16-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Attackers target dozens of global banks with new malware *** --------------------------------------------- Organizations in 31 countries have been targeted in a new wave of attacks which has been underway since at least October 2016. The attackers used compromised websites or 'watering holes' to infect pre-selected targets with previously unknown malware. --------------------------------------------- https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks… *** SEO Spam Campaign Exploiting WordPress REST API Vulnerability *** --------------------------------------------- Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable to the WordPress REST API vulnerability patched in early February (version 4.7.2). This more serious vulnerability allows attackers to create, delete, and modify .. --------------------------------------------- https://blog.sucuri.net/2017/03/seo-spam-via-wp-rest-api-vulnerability.html *** Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001 *** --------------------------------------------- Drupal 8.2.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.Download Drupal 8.2.7Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. --------------------------------------------- https://www.drupal.org/SA-2017-001 *** Ransomware operators are hiding malware deeper in installer packages *** --------------------------------------------- We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/03/15/ransomware-operators-ar… *** DFN-CERT-2017-0429/">Roundcube Webmail: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer Email, die ein speziell präpariertes SVG-Element enthält, einen Cross-Site-Scripting (XSS)-Angriff gegen Benutzer von Roundcube Webmail durchführen. Der Hersteller stellt Roundcube Webmail 1.1.8 und 1.2.4 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0429/ *** Using Intels SGX to Attack Itself *** --------------------------------------------- Researchers have demonstrated using Intels Software Guard Extensions to hide malware and steal cryptographic keys from inside SGXs protected enclave:Malware Guard Extension: Using SGX to Conceal Cache AttacksAbstract:In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/using_intels_sg.html *** [2017-03-16] Authenticated Command Injection in multiple Ubiquiti Networks products *** --------------------------------------------- The firmware of various Ubiquiti Networks devices contains a command injection vulnerability which can be exploited by luring an authenticated user to click on a malicious link or surf to a malicious website. Low privileged users can elevate their rights and use the vulnerability for further attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Moodle 2.7.19 release notes *** --------------------------------------------- A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. --------------------------------------------- https://docs.moodle.org/dev/Moodle_2.7.19_release_notes *** NexusLogger: A New Cloud-based Keylogger Enters the Market *** --------------------------------------------- NexusLogger is a cloud-based keylogger that uses the Microsoft .NET Framework and has a low level of sophistication. NexusLogger collects keystrokes, system information, stored passwords and will take screenshots. It also specifically seeks to harvest game credentials for UPlay, Minecraft, Steam, and Origin. ... All NexusLogger samples require communications with the nexuslogger[.]com domain via HTTPS, which makes it trivial for defenders to block. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/03/unit42-nexuslogger-new-c… *** Penetration Testing Node.Js Applications - Part-2 *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** Vuln: Palo Alto Networks Terminal Services CVE-2017-6356 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96925 *** Alert (TA17-075A) HTTPS Interception Weakens TLS Security *** --------------------------------------------- Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-075A *** Code Review of Node.Js Applications: Uncommon Flaws *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** (Twitter) Keep Calm and Revoke Access *** --------------------------------------------- For the last 24 hours, the Twitter landscape has seen several official accounts hacked. ... How to protect against this kind of attack? First, do not link your Twitter account to untrusted or suspicious applications. ... Finally, the best advice is to visit the following link at regular interval: https://twitter.com/settings/applications. During your first visit, you could be surprised to find so many applications linked to your account! --------------------------------------------- https://blog.rootshell.be/2017/03/15/keep-calm-revoke-access/ *** BSI warnt vor gefährdeten Cloud-Servern: über 20.000 deutsche ownCloud- und Nextcloud-Installationen veraltet *** --------------------------------------------- Das BSI ist auf viele veraltete Installationen von ownCloud und Nextcloud gestoßen. Obwohl die Betroffenen Bescheid wissen, haben bislang die wenigsten reagiert. --------------------------------------------- https://heise.de/-3656458 *** Microsoft To End Support For Windows Vista In Less Than a Month *** --------------------------------------------- In less than a months time, Microsoft will put Windows Vista to rest once and for all. If youre one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9XgfNI5PoWc/microsoft-to-en… *** Warnung vor kaufhaus-guenther.de *** --------------------------------------------- Kaufhaus Günther ist ein 'Online Kaufhaus'. Es wirbt mit Produkten für Haushalt, Technik und Möbel. Die verlangten Preise sind sehr günstig. Eine Bezahlung der Ware ist nur im Voraus möglich. Wer sie bezahlt, verliert Geld, denn kaufhaus-guenther.de ist ein Fake-Shop. Er liefert trotz Bezahlung keine Ware. Darüber hinaus droht ein Identitätsdiebstahl. --------------------------------------------- https://www.watchlist-internet.at/fake-shops/warnung-vor-kaufhaus-guentherd… *** DFN-CERT-2017-0479/">McAfee Advanced Threat Defence (ATD): Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- Ein einfach authentisierter Angreifer im benachbarten Netzwerk mit erweiterten Privilegien kann die SQL-Abfragelogik der Advanced Threat Defense über speziell präparierte HTTP-Anfragen so manipulieren, dass unautorisierte Aktionen im Kontext der unterliegenden Datenbank möglich sind (SQL-Injection). Intel Security erwähnt die Möglichkeit, auf diese Weise Produktinformationen auszuspähen. Die Ausführung beliebigen SQL-Programmcodes ist ebenfalls denkbar, aber nicht bestätigt. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0479/ *** Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017 *** --------------------------------------------- On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. --------------------------------------------- http://threatpost.com/hackers-take-down-reader-safari-edge-ubuntu-linux-at-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest *** http://www-01.ibm.com/support/docview.wss?uid=swg21994995 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Host Management (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997019 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998042 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearQuest (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998866 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearQuest (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998868 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearCase (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998046 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Bluemix January 2017 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg22000092 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996857 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight *** http://www-01.ibm.com/support/docview.wss?uid=swg22000124 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence *** http://www-01.ibm.com/support/docview.wss?uid=swg22000123 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 15-03-2017
by Daily end-of-shift report 15 Mar '17

15 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-03-2017 18:00 − Mittwoch 15-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Sicherheitsupdates: Microsoft veranstaltet zwei Patchdays an einem Tag *** --------------------------------------------- Im März holt Microsoft den aus unbekannten Gründen verschobenen Patchday aus dem Februar nach, stellt zudem die Patches für den aktuellen Monat bereit und schließt insgesamt 140 Sicherheitslücken. --------------------------------------------- https://heise.de/-3653806 *** March 2017 security update release *** --------------------------------------------- Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-upd… *** Propaganda auf Twitter *** --------------------------------------------- Der echte Groundhog Day ist noch nicht lange her, und manchmal kommt es einem so vor, als wäre im Internet jeden Tag "Groundhog Day": manche Sachen wiederholen sich einfach viel zu oft.Aktuell geht es um missbrauchte Twitter-Accounts. Das hatte wir schon im November: twittercounter.com hatte ein Problem, und schon werden Tweets unter falschem Namen verteilt. Das gleiche ist gerade wieder passiert... --------------------------------------------- http://www.cert.at/services/blog/20170315114231-1952.html *** Patchday: Adobe umsorgt Flash und Shockwave Player *** --------------------------------------------- Wie gewohnt flickt Adobe den Flash Player - darüber hinaus bekommt diesen Monat auch der Shockwave Player ein Sicherheitsupdate serviert. --------------------------------------------- https://heise.de/-3653924 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Two security issues have been identified within Citrix XenServer. These issues could, if exploited, allow the administrator ... --------------------------------------------- https://support.citrix.com/article/CTX220771 *** VMware Workstation and Fusion Memory Access Error in Drag and Drop Function Lets Local Users on a Guest System Gain Elevated Privileges on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1038025 *** DNSSEC-Schlüsseltausch 2017: ICANN setzt Testseite für Resolver auf *** --------------------------------------------- Sollte es Angreifern gelingen, einen DNSSEC-Schlüssel zu knacken, können sie glaubwürdig aussehende, aber falsche DNS-Replys verbreiten. Deshalb müssen Schlüssel ab und zu gewechselt werden. Bei der Root-Zone ist das eine heikle Sache. --------------------------------------------- https://www.heise.de/newsticker/meldung/DNSSEC-Schluesseltausch-2017-ICANN-… *** Petya ransomware returns, wrapped in extra VX nastiness *** --------------------------------------------- PetrWrap tries to blame its predecessor for attacks Researchers have spotted a variant of last years Petya ransomware, now with updated crypto and ransomware models. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_retur… *** Gefälschte Rechnung auf dropboxusercontent.com *** --------------------------------------------- In einer E-Mail mit dem Betreff "Zahlungsdetails" erhalten Internet-Nutzer/innen angeblich eine Rechnung. Sie steht unter dem Link "dl.dropboxusercontent.com/" als ZIP-Datei zum Download bereit. In Wahrheit handelt es sich bei dem Dokument um Schadsoftware. Aus diesem Grund dürfen Empfänger/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnu… *** Konsumentenschützer wollen Update-Verpflichtung *** --------------------------------------------- Verbraucherorganisationen aus aller Welt fordern die 20 führenden Industrie- und Schwellenländer (G20) zum grenzüberschreitenden Schutz der Konsumenten im Internet auf. --------------------------------------------- https://futurezone.at/digital-life/konsumentenschuetzer-wollen-update-verpf… *** Schwere Sicherheitslücke in den Web-Oberflächen von WhatsApp und Telegram geschlossen *** --------------------------------------------- Eine Lücke bei WhatsApp Web und Telegram Web erlaubt es Angreifern, die Web-Sessions der Messenger zu kapern. Auf diesem Wege können sie Nachrichten mitlesen, Adressbücher kopieren und Schadcode an Kontakte verschicken. --------------------------------------------- https://heise.de/-3653793 *** Where Have All The Exploit Kits Gone? *** --------------------------------------------- For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them? --------------------------------------------- http://threatpost.com/where-have-all-the-exploit-kits-gone/124241/ *** Vorsicht Fake: Betrüger locken mit Emulator für Nintendos Switch *** --------------------------------------------- Derzeit kursiert im Internet eine Anwendung, die Spiele von Nintendos aktueller Konsole Switch auf PCs emulieren können soll: Die "Entwickler" hinter dem vermeintlichen Emulator verfolgen aber ein ganz anderes Ziel. --------------------------------------------- https://heise.de/-3654299 *** PowerShell Remoting Artifacts: An Introduction *** --------------------------------------------- Since PowerShell usage by malware is on the rise, in this article series, we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during the investigation and during building stories around Attack Chain. --------------------------------------------- http://resources.infosecinstitute.com/powershell-remoting-artifacts-part-1/ *** Gaps in NIS standardisation: Mapping the requirements of the NIS Directive to specific standards *** --------------------------------------------- ENISA publishes a report on European standardisation within the context of the NIS Directive. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/gaps-in-nis-standardisation-map… *** VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials *** --------------------------------------------- Vulnerability Note VU#553503 D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials --------------------------------------------- http://www.kb.cert.org/vuls/id/553503 *** An Introduction to Penetration Testing Node.js Applications *** --------------------------------------------- In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** SAP pushes to patch risky HANA security flaws before hackers strike *** --------------------------------------------- Europes top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms. --------------------------------------------- http://www.reuters.com/article/us-cyber-sap-idUSKBN16L1FH *** JSON Libraries Patched Against Invalid Curve Crypto Attack *** --------------------------------------------- JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. --------------------------------------------- http://threatpost.com/json-libraries-patched-against-invalid-curve-crypto-a… *** Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170315-… *** Vuln: SAP NetWeaver Visual Composer Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96865 *** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759&actp=RSS *** Vuln: SAP ERP Remote Authorization Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96871 *** Vuln: Trend Micro InterScan Messaging Security CVE-2017-6398 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96859 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Algo One ARA reports can be accessed by another user *** http://www.ibm.com/support/docview.wss?uid=swg21999754 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM Java SDK that affect IBM Security Directory Suite (CVE-2016-5597) October 2016 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg21994296 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010008 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010007 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010009 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010010 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology *** http://www.ibm.com/support/docview.wss?uid=swg21999965 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Web Security Appliance URL Filtering Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server XML External Entity Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Meshed Wireless LAN Controller Impersonation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Director Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence Server API Privilege Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure API Credentials Management Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco StarOS SSH Privilege Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 14-03-2017
by Daily end-of-shift report 14 Mar '17

14 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-03-2017 18:00 − Dienstag 14-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Stored XSS in WordPress Core *** --------------------------------------------- As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, .. --------------------------------------------- https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.htm *** DSA-3808 imagemagick - security update *** --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitisingmay result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3808 *** VMSA-2017-0004 *** --------------------------------------------- VMware product updates resolve remote code execution vulnerability via Apache Struts 2 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0004.html *** Hintergrund: Vom Leben und Sterben der 0days *** --------------------------------------------- Viele diskutieren über Zero-Day-Exploits, doch die wenigsten haben je ein lebendiges Exemplar gesehen. Zwei interessante Studien bringen überraschende Erkenntnisse zur Lebenserwartung dieser gefährlichen Spezies. --------------------------------------------- https://heise.de/-3651392 *** Privatsphäre: Verschleiern der MAC-Adresse bei WLAN ist fast nutzlos *** --------------------------------------------- Die eigene MAC-Adresse beim WLAN zu verschleiern, gilt als eine der zentralen Funktionen zum Schutz der Privatsphäre. Auf mobilen Geräten ist dieser Schutz weitgehend nutzlos. --------------------------------------------- https://www.golem.de/news/privatsphaere-verschleiern-der-mac-adresse-bei-wl… *** Security Bulletins posted for Flash Player and Adobe Shockwave Player *** --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-07) and Adobe Shockwave Player (APSB17-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1449 *** Betreiber kritischer Infrastruktur erhalten Zugang zu Behörden-Funk *** --------------------------------------------- "Direkter Draht" zu Behörden im Falle eines kompletten "Blackouts" – Innenministerium stellt Funkgeräte .. --------------------------------------------- http://derstandard.at/2000054157780 *** Red Hat Product Security Risk Report 2016 *** --------------------------------------------- At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2957221

1 0

Tageszusammenfassung - Montag 13-03-2017
by Daily end-of-shift report 13 Mar '17

13 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-03-2017 18:00 − Montag 13-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Alexander Riepl *** Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products *** --------------------------------------------- On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Bugtraq: [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/540252 *** Bugtraq: [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass *** --------------------------------------------- http://www.securityfocus.com/archive/1/540251 *** SF9 Realex Magento Module Targeted by Credit Card Scrapers *** --------------------------------------------- Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked .. --------------------------------------------- https://blog.sucuri.net/2017/03/sf9-realex-magento-module-targeted-by-credi… *** Letzter Support-Monat für Windows Vista *** --------------------------------------------- Am 11. April will Microsoft zum letzten Mal Sicherheits-Updates für Windows Vista veröffentlichen. Alle nach diesem Termin gefundenen Lücken bleiben ungefixt. Vista an sich läuft zwar weiter, sollte danach aber besser nicht mehr ans Internet. --------------------------------------------- https://www.heise.de/newsticker/meldung/Letzter-Support-Monat-fuer-Windows-… *** Studie: Viele Webseiten setzen verwundbare JavaScript-Bibliotheken ein *** --------------------------------------------- Sicherheitsforscher haben über 100.000 Domains gescannt und herausgefunden, dass auf fast 40 Prozent veraltete und unsichere JavaScript-Bibliotheken zum Einsatz kommen. --------------------------------------------- https://heise.de/-3650648 *** Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2 *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170313-01-… *** Betrügerischer Support der US Software Solutions Inc *** --------------------------------------------- Eine vermeintliche Systembenachrichtigung informiert Nutzer/innen darüber, dass ihr Computer mit Schadsoftware befallen sei. Die US Software Solutions Inc .. --------------------------------------------- https://www.watchlist-internet.at/scamming/betruegerischer-support-der-us-s… *** 13 Google Play Store Apps Caught Stealing Instagram Credentials *** --------------------------------------------- Instagram users are once again the targets of malicious Android apps hosted on the Play Store, apps which steal .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/13-google-play-store-apps-ca… *** IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2017-1151) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21999293 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22000120 *** Nintendo Switch: Hacker baut iOS-Exploit um und nutzt Schwachstelle im Browser *** --------------------------------------------- Im Webbrowser der Switch klafft eine Sicherheitslücke, für deren Ausnutzung es bereits Proof-of-Concept-Code gibt. Zudem sind Hacker in den Recovery-Modus der Spielkonsole eingestiegen. --------------------------------------------- https://heise.de/-3650977 *** Vorinstallierte Malware auf Smartphones von LG und Samsung *** --------------------------------------------- Sicherheitsforscher haben Schadsoftware auf neuen Smartphones und Tablets entdeckt. Die Geräte wurden auf dem Vertriebsweg infiziert. --------------------------------------------- https://futurezone.at/digital-life/vorinstallierte-malware-auf-smartphones-…

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily