Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Donnerstag 9-02-2017
by Daily end-of-shift report 09 Feb '17

09 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-02-2017 18:00 − Donnerstag 09-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Lifting the (Hyper) Visor: Bypassing Samsung's Real-Time Kernel Protection *** --------------------------------------------- Posted by Gal Beniamini, Project ZeroTraditionally, the operating system's kernel is the last security boundary standing between an attacker and full control over a target system. As such, additional care must be taken in order to ensure the integrity of the kernel. --------------------------------------------- http://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing… *** FortiManager TLS certificate validation failure *** --------------------------------------------- FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure. --------------------------------------------- http://fortiguard.com/advisory/FG-IR-16-055 *** Gefälschte iTunes-Rechnung: Danke für Ihren Einkauf *** --------------------------------------------- Mit einer gefälschten iTunes-Rechnug wollen Kriminelle Empfänger/innen dazu bewegen, dass sie eine Website aufrufen. Auf dieser sollen Besucher/innen Kreditkarteninformationen bekannt geben, damit sie einen nicht gewollten Einkauf stornieren können. Es handelt sich um einen Datendiebstahlsversuch. Sie dürfen die Daten nicht bekannt geben. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-itunes-rechnung-dank… *** Security Advisory - Privilege Escalation Vulnerability in Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170209-… *** Analysis of security measures deployed by e-communication providers *** --------------------------------------------- ENISA's new report provides a collection of good practices, implemented security measures and approaches by e-communication providers in the EU, to mitigate the main types of incidents in the telecommunication sector. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/analysis-of-security-measures-d… *** Security and Privacy Guidelines for the Internet of Things *** --------------------------------------------- Lately, I have been collecting IoT security and privacy guidelines. Heres everything Ive found: --------------------------------------------- https://www.schneier.com/blog/archives/2017/02/security_and_pr.html *** iCloud schlampt offenbar beim Löschen des Browser-Verlaufs *** --------------------------------------------- Aus dem Verlauf von Apples Browser Safari gelöschte Webseiten-Besuche verschwinden zwar von den synchronisierten Geräten, lassen sich aber noch rund ein Jahr später aus iCloud rekonstruieren, warnt der Hersteller eines Forensik-Tools. --------------------------------------------- https://heise.de/-3621063 *** Brute Force RDP Attacks Plant CRYSIS Ransomware *** --------------------------------------------- ... brute force RDP attacks are still ongoing, affecting both SMEs and large enterprises across the globe. In fact, the volume of these attacks doubled in January 2017 from a comparable period in late 2016. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/brute-force-rdp-… *** DFN-CERT-2017-0237: ISC BIND: Eine Schwachstellen ermöglicht einen Denial-of-Service-Angriff *** --------------------------------------------- Das Internet Systems Consortium (ISC) ... veröffentlicht die neuen Programmversionen BIND 9.9.9-P6, 9.10.4-P6, 9.11.0-P3 und 9.9.9-S8 (letztere nur für ISC Support Kunden), in denen die Schwachstellen behoben sind. Die Schwachstelle kann durch Deaktivierung von DNS64 oder RPZ umgangen werden, bis das Sicherheitsupdate eingespielt werden kann. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0237/ *** GNU Bash code execution vulnerability in path completion *** --------------------------------------------- GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab button (f.e. to remove it with rm) triggers the exploit without executing a command itself. --------------------------------------------- https://cxsecurity.com/issue/WLB-2017020061 *** DFN-CERT-2017-0240: F5 Networks BIG-IP Systeme: Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- F5 Networks BIG-IP Protocol Security Module (PSM) >= 11.4.0, <= 11.4.1 Ein entfernter, einfach authentifizierter Angreifer kann durch Wiederaufnahme einer SSL-Verbindung zu einer betroffenen F5 BIG-IP-Appliance Informationen ausspähen, da der Server abhängig von der Größe des gesendeten Sitzungsidentifizierers (Session ID) als Antwort bis zu 31 Bytes aus nicht initialisiertem Speicher zurücksendet. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0240/ *** Erpressungs-Trojaner Erebus umgeht erfolgreich UAC-Abfrage von Windows *** --------------------------------------------- Sicherheitsforschern zufolge verbiegt Erebus die Windows-Registry dahingehend, sodass der Schädling schlimmstenfalls mit Admin-Rechten operieren kann. Dank einer Windows-Einstellung kann man das aber unterbinden. --------------------------------------------- https://heise.de/-3619820 *** BSI veröffentlicht Leitfaden für sicheres Android mit Samsung Knox *** --------------------------------------------- Administratoren können sich von der Website des BSI Empfehlungen für Samsungs Sicherheitsplattform laden. Zweck ist der Schutz von Android-Geräten. --------------------------------------------- https://heise.de/-3620713 *** Manipuliertes Word-Dokument: Makro-Malware geht den Mac an *** --------------------------------------------- Mit manipulierten Word-Dokumenten wollen Angreifer nun auch Schadcode auf Macs einschleusen. Damit wird die macOS-Schutzfunktion Gatekeeper umgangen. --------------------------------------------- https://heise.de/-3621092 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerability in GNU C Library affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2016-1234) *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5… ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 8-02-2017
by Daily end-of-shift report 08 Feb '17

08 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 07-02-2017 18:00 − Mittwoch 08-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** As Valve eradicates serious bug in Steam, here's what you need to know *** --------------------------------------------- Steam, an online game platform with more than 125 million active accounts, is in the process of fixing a serious security hole that opens users to hacks that could redirect them to attack sites, spend their market funds, or possibly make malicious changes to their user profiles. --------------------------------------------- https://arstechnica.com/security/2017/02/as-valve-eradicates-serious-bug-in… *** Fileless attacks against enterprise networks *** --------------------------------------------- This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility as used for tunnelling traffic from the victim's host to the attacker's C2. --------------------------------------------- http://securelist.com/blog/research/77403/fileless-attacks-against-enterpri… *** Strategies to Mitigate Cyber Security Incidents *** --------------------------------------------- The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, business email compromise and industrial control systems. --------------------------------------------- http://www.asd.gov.au/infosec/mitigationstrategies.htm *** ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability *** --------------------------------------------- An attacker can exploit the vulnerability to bypass authentication and thereby gain administrator privileges. --------------------------------------------- http://www.securityfocus.com/archive/1/540100 *** When A Pony Walks Out Of A Pub *** --------------------------------------------- Talos has observed a small email campaign leveraging the use of Microsoft Publisher files. ... Unlike other applications within the Microsoft Office suite, Microsoft Publisher does not support a Protected View mode. ... The file used in this campaign was aimed at infecting the victim with the, well known, Pony malware --------------------------------------------- http://blog.talosintel.com/2017/02/pony-pub-files.html *** Multiple Vulnerabilities in Trend Micro Control Manager (TMCM) 6.0 *** --------------------------------------------- CVSS 2.0 Score(s): 4.0 - 6.8 Severity Rating(s): Medium Trend Micro has released a new build for Trend Micro Conrol Manager 6.0. This build resolves multiple vulnerabilities related to potential remote code execution, directory traversal, SQL injections, and unauthorized access to XML files. --------------------------------------------- https://success.trendmicro.com/solution/1116624 *** SAP Security for Beginners Part 5: SAP Risks - Sabotage *** --------------------------------------------- Sabotage attacks on SAP systems were promised as a today's topic, so, let's look at potential sabotage vectors. --------------------------------------------- http://resources.infosecinstitute.com/sap-security-beginners-part-5-sap-ris… *** Sielco Sistemi Winlog SCADA Software *** --------------------------------------------- This advisory contains mitigation details for an uncontrolled search path vulnerability in Sielco Sistemis Winlog SCADA Software. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01 *** BD Alaris 8000 Insufficiently Protected Credentials Vulnerability *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an insufficiently protected credentials vulnerability in BD's Alaris 8000 Point of Care unit, which provides a common user interface for programming intravenous infusions. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 *** BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities *** --------------------------------------------- This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for protected credentials vulnerabilities in BD's Alaris 8015 Point of Care unit, which provides a common user interface for programming intravenous infusions. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02 *** BINOM3 Electric Power Quality Meter (Update A) *** --------------------------------------------- This updated advisory is a follow-up to the original advisory titled ICSA-17-031-01 BINOM3 Electric Power Quality Meter that was published January 31, 2017, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A *** Citrix NetScaler Nonce Generation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037795 *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Security Advisory - MITM Vulnerability in Huawei Vmall APP *** http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-… --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server *** http://www-01.ibm.com/support/docview.wss?uid=swg21995427 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-6055) *** http://www.ibm.com/support/docview.wss?uid=swg21995515 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack *** http://www.ibm.com/support/docview.wss?uid=swg21997798 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect IBM Mobile Connect as a product bundler *** http://www-01.ibm.com/support/docview.wss?uid=swg21989670 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009543 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012) *** http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 7-02-2017
by Daily end-of-shift report 07 Feb '17

07 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 06-02-2017 18:00 − Dienstag 07-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Heute ist es soweit: Es ist Internationaler Safer Internet Day! *** --------------------------------------------- Der jährliche Aktionstag wurde 2004 von der Europäischen Kommission im Rahmen des Safer Internet-Programms ins Leben gerufen und findet seitdem jeden Februar statt. Mehr als 100 Länder beteiligen sich weltweit am Safer Internet Day, um über die sichere und verantwortungsvolle Internetnutzung aufzuklären. International organisiert das europäische Netzwerk Insafe den Safer Internet Day. --------------------------------------------- https://www.saferinternet.at/news/news-detail/article/heute-feiern-wir-es-i… *** DFN-CERT-2017-0216/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0216/ *** Got an OpenBSD Web server? Better patch it *** --------------------------------------------- DoS-able bugs splatted OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/07/got_an_open… *** Vuln: PEAR HTML_AJAX CVE-2017-5677 PHP Object Injection Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96044 *** New Attack, Old Tricks *** --------------------------------------------- A Word document targets Mac users with malicious macros and an open-source payload. --------------------------------------------- https://objective-see.com/blog/blog_0x17.html *** Citrix License Server for Windows and License Server VPX CVE-2017-5571 Open Redirect Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96028/discuss *** DFN-CERT-2017-0217/">BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0217/ *** [2017-02-07] Multiple vulnerabilities in JUNG Smart Visu server *** --------------------------------------------- Attackers can dump password hashes and other available data from the operating system of the JUNG Smart Visu Server. An attacker is able to access and control all Smart Visu server installation if he is able to crack the hashes. The group address password can be removed by using a single PUT request. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i *** http://www-01.ibm.com/support/docview.wss?uid=nas8N1021845 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation *** http://www.ibm.com/support/docview.wss?uid=swg21997654 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) Configuration tool *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024798 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i *** http://www.ibm.com/support/docview.wss?uid=nas8N1021846 --------------------------------------------- *** IBM Security Bulletin: Security Vulnerability in OpenSSL affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) *** http://www.ibm.com/support/docview.wss?uid=swg21997056 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2016-5597, CVE-2016-5542) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997784 --------------------------------------------- *** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5883) *** http://www.ibm.com/support/docview.wss?uid=swg21997010 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cisco Switches and Directors. *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009663 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization *** http://www.ibm.com/support/docview.wss?uid=swg21982291 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect multiple N series products *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009687 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 6-02-2017
by Daily end-of-shift report 06 Feb '17

06 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 03-02-2017 18:00 − Montag 06-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Vuln: Barracuda NextGen Firewal F-Series Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96000 *** Vuln: Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96001 *** Honeywell SCADA Controllers Exposed Passwords in Clear Text *** --------------------------------------------- A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems. --------------------------------------------- http://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clea… *** [remote] - Netwave IP Camera - Password Disclosure *** --------------------------------------------- https://www.exploit-db.com/exploits/41236/?rss *** Security Advisory: Apache vulnerability CVE-2016-8743 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00373024.html?… *** Security Advisory: OpenSSL vulnerability CVE-2016-7055 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43570545.html?… *** [SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features *** --------------------------------------------- I published the following diary on isc.sans.org: "Detecting Undisclosed Vulnerabilities with Security Tools & Features". I'm a big fan of OSSEC. This tools is an open source HIDS and log management tool. Although often considered as the "SIEM of the poor", it integrates a lot of interesting features and is fully configurable ... --------------------------------------------- https://blog.rootshell.be/2017/02/04/sans-isc-diary-detecting-undisclosed-v… *** Kodi-Erweiterung machte Anwender zu Botnetz-Zellen *** --------------------------------------------- Anwender des Plug-ins "Exodus" für das Media-Center Kodi wurden zu unfreiwilligen Teilnehmern eines Botnets, das gezielte DDoS-Angriffe fuhr. Deren Ziel: Websites von Konkurrenten. --------------------------------------------- https://heise.de/-3617777 *** NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace *** --------------------------------------------- NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE) has published "Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations." Its world launch will be in Washington DC, February 8 at The Atlantic Council; followed by Europe at The Hague, February 13; and Tallinn, February 17. --------------------------------------------- http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manu… *** Slammer worm slithers back online to attack ancient SQL servers *** --------------------------------------------- If you get taken down by this 13-year-old malware, you probably deserve it One of the worlds most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/05/sql_slammer… *** Microsofts DRM can expose Windows-on-Tor users IP address *** --------------------------------------------- Anonymity-lovers best not watch movies as .WMV files Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsofts DRM system. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/02/06/microsoft_d… *** Bugtraq: ZoneMinder - multiple vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540093 *** Anbieter des WordPress-Plugin BlogVault gehackt *** --------------------------------------------- Hacker haben bei einem Server-Einbruch Daten von BlogVault-Nutzern abgezogen. Anschließend sollen einige Webseiten, die auf das Plugin setzen, mit Malware infiziert worden sein, warnt der Anbieter. --------------------------------------------- https://heise.de/-3618141 *** Lurk: Retracing the Group's Five-Year Campaign *** --------------------------------------------- Fileless infections are exactly what their namesake says: theyre infections that dont involve malicious files being downloaded or written to the system's disk. While fileless infections are not necessarily new or rare, it presents a serious threat to enterprises and end users given its capability to gain privileges and persist in the system of interest to an attacker - all while staying under the radar. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/ *** Überwachungsfirma Cellebrite: Hacker veröffentlicht iPhone-Cracking-Tools *** --------------------------------------------- Wenn Software zum Knacken von Smartphones existiert, dann gelangt diese auch in die Hände Dritter, erklärt der Hacker, der die angeblich von einer Überwachungsfirma stammenden Tools veröffentlicht hat. Ähnlich argumentierte zuletzt auch Apple. --------------------------------------------- https://heise.de/-3618462 *** Hacker hijacks thousands of publicly exposed printers to warn owners *** --------------------------------------------- Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages. --------------------------------------------- http://www.cio.com/article/3166048/security/hacker-hijacks-thousands-of-pub… *** ENISA: Challenges of security certification in emerging ICT environments *** --------------------------------------------- ENISA issues today its report on the Challenges of security certification in emerging ICT environments. The report is targeted at EU Member States (MS), the Commission, certification bodies and the private sector, and provides a thorough description of the cyber security certification status concerning the most critical equipment in various critical business sectors. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/challenges-of-security-certific… *** Chrome 57 [...] will no longer trust any StartSSL/Wosign issued certificates [...] *** --------------------------------------------- Previous communication from Google (https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html) had read as though it would only be certificates issued since October 21, 2016 wouldnt be trusted. It then went onto say that it may not trust other certificates but didnt really say what that meant. --------------------------------------------- https://forums.whirlpool.net.au/forum-replies.cfm?t=2605051 *** Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure *** --------------------------------------------- The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong. --------------------------------------------- https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securi… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762) *** http://www.ibm.com/support/docview.wss?uid=nas8N1021796 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation *** http://www.ibm.com/support/docview.wss?uid=swg21993091 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery. *** http://www-01.ibm.com/support/docview.wss?uid=swg21998167 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 3-02-2017
by Daily end-of-shift report 03 Feb '17

03 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 02-02-2017 18:00 − Freitag 03-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** How Google fought back against a crippling IoT-powered botnet and won *** --------------------------------------------- Behind the scenes defending KrebsOnSecurity against record-setting DDoS attacks. --------------------------------------------- https://arstechnica.com/security/2017/02/how-google-fought-back-against-a-c… *** Improved scripts in .lnk files now deliver Kovter in addition to Locky *** --------------------------------------------- Cybercriminals are using a combination of improved script and well-maintained download sites in trying to install Locky and Kovter on more computers. A few .. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/02/02/improved-scripts-in-lnk… *** Underground Scams: Cutting the Head Off a Snake *** --------------------------------------------- Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Underground-Scams--Cutting-t… *** Cisco - Issue with Clock Signal Component *** --------------------------------------------- One of our readers, Dalibor Cerar, sent us an email about an issue impacting Cisco...at this point. While its a hardware issue, the result if it occurs is a self inflicted Denial of Service. Cisco released a notice on February 2 that some of .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22033&rss *** G-Suite: Google bringt S/MIME für Enterprise-Gmail *** --------------------------------------------- Google hat ein umfangreiches Update für die Enterprise-Version seiner G-Suite angekündigt: Mit dabei sind verpflichtende Hardwareschlüssel, S/MIME für Gmail und erweiterte Funktionen, um Datenverlust zu verhindern. --------------------------------------------- https://www.golem.de/news/enterprise-die-google-suite-soll-sicherer-werden-… *** Hacker veröffentlichen gestohlene Cellebrite-Software *** --------------------------------------------- Programme, die von den israelischen Sicherheitsexperten von Cellebrite zum Knacken von Smartphones genutzt werden, wurden nun veröffentlicht. --------------------------------------------- https://futurezone.at/digital-life/hacker-veroeffentlichen-gestohlene-celle… *** Rechnung in ZIP-Datei ist Schadsoftware *** --------------------------------------------- In ihrem E-Mailpostfach finden Internet-Nutzer/innen eine Nachricht mit dem Betreff „Rechnung Nr. xxxxx“. Darin heißt es, dass die Empfänger/innen das beigefügte Dokument als .. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/rechnung-in-zip-da… *** The power of sharing: ENISA report on cyber security information sharing in the energy sector *** --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/the-power-of-sharing-enisa-repo… *** Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm *** --------------------------------------------- For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/someone-tried-to-resurrect-1… *** Patch-Tag für Jenkins *** --------------------------------------------- Aktuelle Versionen beseitigen insgesamt 19 Security-Probleme in Jenkins, von denen eines als schwerwiegend eingestuft ist. --------------------------------------------- https://heise.de/-3617535 *** SQL-Injection-Lücke in McAfee ePolicy Orchestrator *** --------------------------------------------- McAfees Lösung für zentrales Security-Management in Firmen und Konzernen weist selbst ein schwerwiegendes Sicherheitsproblem auf. Ein Hotfix des Herstellers sorgt für Abhilfe. --------------------------------------------- https://heise.de/-3617503 *** Kritische Lücke in Microsoft Windows ermöglicht DoS / Remote Code Execution via SMB - noch keine Updates verfügbar *** --------------------------------------------- Im SMB-Code von Microsoft Windows wurde eine Schwachstelle entdeckt, die im harmlosesten Fall einen Absturz des Betriebsystems zur Folge haben kann, im schlimmsten Fall sogar Remote Code Execution erlaubt. --------------------------------------------- https://cert.at/warnings/all/20170203.html

1 0

Tageszusammenfassung - Donnerstag 2-02-2017
by Daily end-of-shift report 02 Feb '17

02 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 01-02-2017 18:00 − Donnerstag 02-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** DSA-3780 ntfs-3g - security update *** --------------------------------------------- Jann Horn of Google Project Zero discovered that NTFS-3G, a read-writeNTFS driver for FUSE, does not scrub the environment before executingmodprobe with elevated privileges. A local user .. --------------------------------------------- https://www.debian.org/security/2017/dsa-3780 *** Netherlands reverts to hand-counted votes to quell security fears *** --------------------------------------------- Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isnt ready for prime time, and will revert to .. --------------------------------------------- www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes… *** Extrem kritische Lücke in Ciscos Prime Home könnte unzählige Router gefährden *** --------------------------------------------- Internet- und Service-Anbieter sollten zügig ein Sicherheitsupdate für Cisco Prime Home installieren. Angreifer könnten Geräte mit wenig Aufwand missbrauchen und von da aus Router von Kunden übernehmen. --------------------------------------------- https://heise.de/-3615465 *** Gmail Drops Support for Windows XP and Vista Users on Chrome *** --------------------------------------------- Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts. --------------------------------------------- https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-wind… *** DDoS attacks in Q4 2016 *** --------------------------------------------- 2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, .. --------------------------------------------- http://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks… *** Jugendliche gehen schludrig mit Passwörtern um *** --------------------------------------------- Der Sicherheitsbewusstsein von österreichischen Jugendlichen und Unter-30-Jährigen ist schlecht ausgeprägt. Jeder Zweite hat sein Passwort schon einmal weitergegeben. --------------------------------------------- https://futurezone.at/digital-life/jugendliche-gehen-schludrig-mit-passwoer… *** Security: Der Secret Service gibt Tipps für Rechenzentrumsbetreiber *** --------------------------------------------- Ein Rechenzentrum behandeln wie das Weiße Haus? Diesen Tipp gab ein ehemaliger Mitarbeiter des Secret .. --------------------------------------------- http://www.golem.de/news/security-der-secret-service-gibt-tipps-fuer-rechen… *** KopiLuwak: A New JavaScript Payload from Turla *** --------------------------------------------- A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents. --------------------------------------------- http://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payloa… *** Hackerangriff auf Tschechiens Außenamt offenbar größer als gedacht *** --------------------------------------------- http://derstandard.at/2000052006680 *** Panne bei Handysignatur: Dokumentenname einsehbar *** --------------------------------------------- Laut "Die Presse" waren 14 Stunden lang der Name aller unterzeichneten Dokumente abrufbar --------------------------------------------- http://derstandard.at/2000052007651 *** Microsoft Windows SMB Tree Connect Response memory corruption vulnerability *** --------------------------------------------- Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system. --------------------------------------------- http://www.kb.cert.org/vuls/id/867968

1 0

Tageszusammenfassung - Mittwoch 1-02-2017
by Daily end-of-shift report 01 Feb '17

01 Feb '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 31-01-2017 18:00 − Mittwoch 01-02-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** BINOM3 Electric Power Quality Meter *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01 *** Ecava IntegraXor *** --------------------------------------------- This advisory contains mitigation details for an SQL injection vulnerability in the Ecava IntegraXor web server. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02 *** "Ändere-dein-Passwort-Tag": Pro und Contra Passwortwechsel *** --------------------------------------------- Ist es sinnvoll, sein Passwort regelmäßig und vorsichtshalber zu ändern? Was in einigen Firmen verpflichtent ist, ist in Security-Kreisen umstritten. Unter Umständen kann das sogar kontraproduktiv sein. --------------------------------------------- https://heise.de/-3613327 *** Cerber tops Windows 10 ransomware charts *** --------------------------------------------- Crims aimed for a Christmas Number One and scored Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.… --------------------------------------------- www.theregister.co.uk/2017/02/01/cerber_windows_10/ *** We need to talk about Granny: Shes way more likely to fall for phishing *** --------------------------------------------- If you want to catch as many people as you can, go for the old legal razzle dazzle Usenix Enigma 2017 Research has shown that older people – particularly older .. --------------------------------------------- www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/ *** Quick Analysis of Data Left Available by Attackers, (Wed, Feb 1st) *** --------------------------------------------- While hunting for interesting cases, I found the following phishing email mimicking an UPS delivery notification: When you click on the link, you are redirected to the .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=22015 *** Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users Data Leaked *** --------------------------------------------- Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums? Your details may have been exposed, as it has been revealed that the two .. --------------------------------------------- http://thehackernews.com/2017/01/gaming-forum-hacking.html *** Nächstes Hacker-Ziel: Ihr Hirn *** --------------------------------------------- Neue Gehirn-Computer-Schnittstellen bringen die Gefahr von Hirn-Malware mit sich. Was wie eine Postillon-Schlagzeile klingt, beschäftigt ernsthafte Sicherheitsforscher. --------------------------------------------- https://heise.de/-3613672 *** Hacker Phineas Fisher dementiert, verhaftet worden zu sein *** --------------------------------------------- Katalanische Behörden hatten nach Hausdurchsuchungen mehrere Personen festgenommen --------------------------------------------- http://derstandard.at/2000051907276 *** Insiderhandel: Mitarbeiter verkaufen Firmengeheimnisse im Darknet *** --------------------------------------------- Auf illegalen Online-Marktplätzen werden derzeit offenbar gezielt Insider angeworben, um mit deren Informationen kriminelle Geschäfte zu ermöglichen. Die Bandbreite .. --------------------------------------------- http://www.golem.de/news/insiderhandel-mitarbeiter-verkaufen-firmengeheimni… *** Hacker One: Die Sicherheitslücken der US-Armee *** --------------------------------------------- Sicherheitsforscher hatten einen Monat Zeit, um die US-Armee zu hacken. 118 Sicherheitslücken wurden gefunden und beseitigt. Eine davon ermöglichte den Zugriff auf ein .. --------------------------------------------- http://www.golem.de/news/hacker-one-die-sicherheitsluecken-der-us-armee-170… *** Cisco Prime Home Authentication Bypass Vulnerability *** --------------------------------------------- A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Disclosure of Additional Security Fix in WordPress 4.7.2 *** --------------------------------------------- WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately. In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional .. --------------------------------------------- https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-securit…

1 0

Tageszusammenfassung - Dienstag 31-01-2017
by Daily end-of-shift report 31 Jan '17

31 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 30-01-2017 18:00 − Dienstag 31-01-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Printer Security *** --------------------------------------------- TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of .. --------------------------------------------- https://web-in-security.blogspot.co.at/2017/01/printer-security.html *** CVE-2017-5521: Bypassing Authentication on NETGEAR Routers *** --------------------------------------------- Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers, .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassin… *** Erpressungs-Trojaner Sage nutzt Bleeding-Edge-Krypto-Funktionen *** --------------------------------------------- Eine neue Ransomware-Familie orientiert sich bei der Verschlüsselung mit Curve25519 und ChaCha20 am oberen Ende des derzeit zur Verfügung stehenden Repertoires von Krypto-Funktionen. --------------------------------------------- https://heise.de/-3610664 *** DSA-3776 chromium-browser - security update *** --------------------------------------------- https://www.debian.org/security/2017/dsa-3776 *** HTTPS: Das halbe Web ist nun verschlüsselt *** --------------------------------------------- Verschlüsselter Traffic überholt laut Mozilla unverschlüsselte Verbindungen – Anstieg um zehn Prozent in einem Jahr --------------------------------------------- http://derstandard.at/2000051841631 *** We see you, ransomware flingers, testing out your baddest stuff on... Germany? *** --------------------------------------------- Securobods file data hostage report A security firm has floated the theory that malware authors are using German firms as a testing ground for their wares prior to wider distribution. --------------------------------------------- www.theregister.co.uk/2017/01/31/ransomware_sitrep_report/ *** Google zahlte letztes Jahr drei Millionen Dollar an Sicherheitsforscher *** --------------------------------------------- Mehr als je zuvor im Bug-Bounty-Programm – Je Fast eine Million für Android- und Chrome-Bugs --------------------------------------------- http://derstandard.at/2000051858649 *** Sicherheitsupdate: Angreifer könnten Sophos Web Appliance über Kommandozeile entern *** --------------------------------------------- Wer sein Netzwerk mit der Web Appliance von Sophos abschottet, sollte zügig prüfen, ob die aktuelle Software in Version 4.3.1 schon verfügbar ist. Diese Ausgabe schließt zwei Sicherheitslücken. --------------------------------------------- https://heise.de/-3612070 *** Sophisticated cyber attacks increase, while overall volume falls *** --------------------------------------------- NTT quarterly report highlights rise in sophistication but 35 per cent drop in overall attack volumes in Q4 2016 --------------------------------------------- https://www.htbridge.com/blog/sophisticated-cyber-attacks-increase-while-ov… *** Viele Lücken in tcpdump – Bedrohungen noch nicht in Gänze geklärt *** --------------------------------------------- Die aktuelle Version des Netzwerk-Sniffers rüstet sich gegen zahlreiche Schwachstellen, ist aber noch nicht überall verfügbar. --------------------------------------------- https://heise.de/-3612240 *** Tschechische Regierung meldet Hackerangriff auf E-Mail-Konten *** --------------------------------------------- Experten sollen Parallelen zu Hackerangriff auf Demokratische Partei in den USA vergangenes Jahr sehen --------------------------------------------- http://derstandard.at/2000051866541-406 *** Nested, Targeted Attacks Built for Reconnaissance *** --------------------------------------------- Researchers say NATO members were targeted for reconnaissance over the holidays by attacks using malicious OLE objects. --------------------------------------------- http://threatpost.com/nested-targeted-attacks-built-for-reconnaissance/1234… *** Usenix Enigma: Mit Sensorenmanipulation das Internet of Things verwirren *** --------------------------------------------- Autonome Systeme verlassen sich auf Sensoren, um ihre Umwelt zu verstehen. Ein Wissenschaftler hat auf der Sicherheitskonferenz Usenix Enigma demonstriert, wie sich .. --------------------------------------------- http://www.golem.de/news/usenix-enigma-mit-sensorenmanipulation-das-interne…

1 0

Tageszusammenfassung - Montag 30-01-2017
by Daily end-of-shift report 30 Jan '17

30 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 27-01-2017 18:00 − Montag 30-01-2017 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** Dridex Returns With Windows UAC Bypass Method *** --------------------------------------------- Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user. --------------------------------------------- http://threatpost.com/dridex-returns-with-windows-uac-bypass-method/123420/ *** What Keeps My Honeypot Busy These Days, (Fri, Jan 27th) *** --------------------------------------------- Sometimes, it isnt the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go that works?. Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that became big news when the Mirai botnet adopted it. Since then, most of the servers that hosted the follow-up code no longer deliver. But this doesnt prevent thousands of existing bots to persistently attempt the exploit. In... --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21995&rss *** ATM "Shimmers" Target Chip-Based Cards *** --------------------------------------------- Several readers have called attention to warnings coming out of Canada about a supposed new form of ATM skimming called "shimming." Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Heres a brief primer on shimming attacks, and why they succeed. --------------------------------------------- https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/ *** Request for Packets and Logs - TCP 5358, (Sat, Jan 28th) *** --------------------------------------------- pStarting Sunday (22 Jan 17), there was a huge spike this week against TCP 5358. If anyone has logs or packets (traffic) that might help identify what it is can submit them via our a href="https://isc.sans.edu/contact.html"contact/a page would be appreciated. This is a snapshot as to what was reported so far this week in DShield./p p width:500px" //p p[1] https://isc.sans.edu/contact.html/p p-----------br / Guy Bruneau a href="http://www.ipss.ca/"IPSS Inc./abr / --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21997&rss *** Adblock Plus: Staatsanwaltschaft durchsucht Werbeblocker-Anbieter Eyeo *** --------------------------------------------- Der Kölner Adblocker-Anbieter Eyeo hat nun auch Ärger mit der Justiz. Hintergrund dürfte der Streit über die Frage sein, wer für die Erstellung von Filterregeln in der Easylist verantwortlich ist. --------------------------------------------- http://www.golem.de/news/adblock-plus-staatsanwaltschaft-durchsucht-werbebl… *** XSender: The Source of All the Recent XMPP Spam *** --------------------------------------------- In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/xsender-the-source-of-all-th… *** Facebook: Sicheres Einloggen per USB-Stick *** --------------------------------------------- Die Zwei-Faktor-Authentifizierung bei Facebook kann nun auch per Fido-USB-Sticks oder NFC-Tags erfolgen. --------------------------------------------- https://futurezone.at/digital-life/facebook-sicheres-einloggen-per-usb-stic… *** A Shakeup in Russia's Top Cybercrime Unit *** --------------------------------------------- A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russias top cybercrime... --------------------------------------------- https://krebsonsecurity.com/2017/01/a-shakeup-in-russias-top-cybercrime-uni… *** Überwachungskameras von Washington DC mit Ransomware infiziert *** --------------------------------------------- Nur acht Tage vor Trumps Angelobung wurde das Netzwerk der Überwachungskameras in der US-Hauptstadt angegriffen und teilweise lahmgelegt. --------------------------------------------- https://futurezone.at/digital-life/ueberwachungskameras-von-washington-dc-m… *** Google auf dem Weg zur unabhängigen Root-CA *** --------------------------------------------- Künftig will das Unternehmen über den Google Trust Service eigene SSL-/TLS-Zertifikate ausstellen. Diese sollen bei Google-Diensten und Angeboten des Google-Mutterkonzerns Alphabet zum Einsatz kommen. --------------------------------------------- https://heise.de/-3610041 *** Averting ransomware epidemics in corporate networks with Windows Defender ATP *** --------------------------------------------- Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epi… *** Kritische Lücke in WebEx: Cisco stellt offensichtlich finale Sicherheitsupdates bereit *** --------------------------------------------- Nach mehreren vermeintlich abgesicherten Version von WebEx hat Cisco nun eigenen Angaben zufolge vollwertige Sicherheitsupdates veröffentlicht. Einige Unklarheiten bleiben aber. --------------------------------------------- https://heise.de/-3610749 *** [2017-01-30] XSS and CSRF vulnerabiliies in multiple Ubiquiti Networks products *** --------------------------------------------- Many products of Ubiquiti Networks are affected by a cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user. Furthermore, different actions on the system can be triggered by CSRF attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0 *** --------------------------------------------- Microsoft is aware of a security vulnerability in the public version of ASP.NET Core MVC 1.1.0 where a malformed HTTP request could lead to a denial of service. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/4010983 *** Cryptkeeper Sets the same password "p" for everything independently of user input *** --------------------------------------------- https://www.reddit.com/r/netsec/comments/5r16na/cryptkeeper_sets_the_same_p… *** DSA-3775 tcpdump - security update *** --------------------------------------------- Multiple vulnerabilities have been discovered in tcpdump, a command-linenetwork traffic analyzer. These vulnerabilities might result in denialof service or the execution of arbitrary code. --------------------------------------------- https://www.debian.org/security/2017/dsa-3775 *** TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities *** --------------------------------------------- The administration interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the redirect_url GET parameter is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted... --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5393.php *** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF *** --------------------------------------------- SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF. --------------------------------------------- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5392.php *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009714 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997209 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21997764 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 27-01-2017
by Daily end-of-shift report 27 Jan '17

27 Jan '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 26-01-2017 18:00 − Freitag 27-01-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Zbot with legitimate applications on board *** --------------------------------------------- Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-appli… *** Phishers unleash simple but effective social engineering techniques using PDF attachments *** --------------------------------------------- The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple… *** Hintergrund: So hacken Maschinen *** --------------------------------------------- Team Shellphish war einer der Teilnehmer der Cyber Grand Challenge der DARPA; jetzt beschreiben sie ihren Mechanical Phish und dessen Strategie. --------------------------------------------- https://heise.de/-3608169 *** Bezahlung oder Kontosperre: Nationalbank warnt vor Telefonbetrug *** --------------------------------------------- Unbekannte fälschen Telefonnummer von Bank und Anwalt, um Opfer unter Druck zu setzen --------------------------------------------- http://derstandard.at/2000051638010 *** Security for Privacy on Data Protection Day *** --------------------------------------------- On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-pr… *** Sicherheitsupdate: Entwickler von TigerVNC raten zur zügigen Aktualisierung *** --------------------------------------------- Durch das Ausnutzen einer Lücke könnten Angreifer im Zuge einer Virtual-Network-Computing Session Clients kapern. --------------------------------------------- https://heise.de/-3609051 *** Cisco starts patching critical flaw in WebEx browser extension *** --------------------------------------------- Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx... --------------------------------------------- http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-… *** Heartbleed: (Almost) three years later *** --------------------------------------------- Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. Were close to the three... --------------------------------------------- http://www.cert.at/services/blog/20170127160051-1894_en.html *** Security Advisory: OpenSSH vulnerability CVE-2016-10011 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?… *** IDM 4.5 Midrange BiDirectional Driver 201611271513 *** --------------------------------------------- Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513.To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)This patch also requires the driver activation from IDM 4.5Document ID: 5271130Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm45midrange20161127.tar.gz (47.54 MB)Products:Identity Manager 4.0.2Identity... --------------------------------------------- https://download.novell.com/Download?buildid=lY8lK_WKOeQ~ *** Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/540060 *** Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95832 *** Eaton ePDU Path Traversal Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01 *** Belden Hirschmann GECKO *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in Beldens Hirschmann GECKO switch. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 *** RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks *** --------------------------------------------- http://www.securitytracker.com/id/1037726 *** Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95823 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542) *** http://www.ibm.com/support/docview.wss?uid=swg21994101 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183) *** https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily