=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 27-04-2017 18:00 − Freitag 28-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** GE Multilin SR Protective Relays ***
---------------------------------------------
This advisory contains mitigation details for a weak cryptography for passwords vulnerability in GEs Multilin SR protective relays.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-…
[View More]17-117-01
*** Chrome to Mark More HTTP Pages ‘Not Secure’ ***
---------------------------------------------
Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, ..
---------------------------------------------
http://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/
*** Russian-controlled telecom hijacks financial services’ Internet traffic ***
---------------------------------------------
Visa, MasterCard, and Symantec among dozens affected by "suspicious" BGP mishap.
---------------------------------------------
https://arstechnica.com/security/2017/04/russian-controlled-telecom-hijacks…
*** DSA-3836 weechat - security update ***
---------------------------------------------
It was discovered that weechat, a fast and light chat client, is proneto a buffer overflow vulnerability in the IRC plugin, allowing a remote attacker to cause a denial-of-service by sending a specially crafted filename via DCC.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3836
*** DSA-3837 libreoffice - security update ***
---------------------------------------------
It was discovered that a buffer overflow in processing Windows Metafiles may result in denial of service or the execution of arbitrary code if a malformed document is opened.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3837
*** New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic ***
---------------------------------------------
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apples Mac computers were up 744% in 2016, and its researchers ..
---------------------------------------------
https://thehackernews.com/2017/04/apple-mac-malware.html
*** Http 81 Botnet: the Comparison against MIRAI and New Findings ***
---------------------------------------------
OverviewIn our previous blog, we introduced a new IoT botnet spreading over http 81. We will name it in this blog the http81 IoT botnet, while some anti-virus software name it Persirai, and some ..
---------------------------------------------
http://blog.netlab.360.com/http-81-botnet-the-comparison-against-mirai-and-…
*** Facebook und Google überwiesen Betrüger 100 Millionen Dollar ***
---------------------------------------------
Litauer gab sich als Vertreter von Hardware-Zulieferer aus, Beträge zu großem Teil zurückgeholt
---------------------------------------------
http://derstandard.at/2000056723656
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 26-04-2017 18:00 − Donnerstag 27-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Picture this: Senate staffers’ ID cards have photo of smart chip, no security ***
---------------------------------------------
https://arstechnica.com/information-technology/2017/04/picture-this-senate-…
*** FIRST TC Amsterdam 2017 Wrap-Up ***
---------------------------------------------
Here is …
[View More]my quick wrap-up of the FIRST Technical Colloquium hosted by Cisco in Amsterdam. This is my first participation to a FIRST event. FIRST is ..
---------------------------------------------
https://blog.rootshell.be/2017/04/26/first-tc-amsterdam-2017-wrap/
*** A vigilante is putting a huge amount of work into infecting IoT devices ***
---------------------------------------------
https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount…
*** Homebrew crypto SNAFU on electrical grid sees GE rush patches ***
---------------------------------------------
Boffins turned up hard-coded password in ancient controllers General Electric is pushing patches for protection ..
---------------------------------------------
www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_o…
*** DSA-3835 python-django - security update ***
---------------------------------------------
Several vulnerabilities were discovered in Django, a high-level Pythonweb development framework. The Common ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3835
*** Cyberkriminalität: So machen Sie Ihr Unternehmen sicher ***
---------------------------------------------
Bei der Roadshow "IT-Sicherheit und Datenschutz" der WKÖ und des BMI im Rahmen von "Gemeinsam.Sicher mit ..
---------------------------------------------
https://futurezone.at/b2b/cyberkriminalitaet-so-machen-sie-ihr-unternehmen-…
*** Peace in our time! Symantec says it can end Google cert spat ***
---------------------------------------------
Its basically a promise to do better and not mess things up Symantec is hoping to get its certificates back on Googles trust list.
---------------------------------------------
www.theregister.co.uk/2017/04/27/symantec_ca_proposal_for_google/
*** Ransomware up. Breaches up. What do hackers want? Research, prototypes... all your secrets ***
---------------------------------------------
Verizon super depressing reports in Cyberespionage and ransomware attacks are on the increase, according ..
---------------------------------------------
www.theregister.co.uk/2017/04/27/verizon_breach_report/
*** nomx: The worlds most (in)secure communications protocol ***
---------------------------------------------
I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, ..
---------------------------------------------
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protoco…
*** APT Trends report, Q1 2017 ***
---------------------------------------------
Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries. During the first quarter of 2017, there were 33 private ..
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/78169/apt-trends-r…
*** StringBleed ist kein zweites Heartbleed ***
---------------------------------------------
Es wird mal wieder eine benamste Schwachstellen-Kuh durch die IT-Security Community getrieben. Der Name soll offensichtlich an Heartbleed erinnern, aber soweit wir das jetzt einschätzen können, ..
---------------------------------------------
http://www.cert.at/services/blog/20170427115946-1972.html
*** Cracking APT28 traffic in a few seconds ***
---------------------------------------------
Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly ..
---------------------------------------------
http://securityaffairs.co/wordpress/58435/apt/cracking-apt28-traffic.html
*** Windows 10: Microsoft liefert Updates auch außerhalb des Patchdays ***
---------------------------------------------
Microsoft will Windows 10 nach dem Creators Update nun auch außerhalb des Patchdays mit Updates versorgen. Allerdings ..
---------------------------------------------
https://heise.de/-3698302
*** Broadcom-Sicherheitslücken: Samsung schützt Nutzer nicht vor WLAN-Angriffe ***
---------------------------------------------
Googles Project Zero hat kürzlich in Broadcom-Chips und -Treibern zahlreiche kritische Sicherheitslücken gefunden, mit denen sich Smartphones übernehmen lassen. Wir haben ..
---------------------------------------------
https://www.golem.de/news/broadcom-sicherheitsluecken-samsung-schuetzt-nutz…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-04-2017 18:00 − Mittwoch 26-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** FortiOS XSS via srcintf during Firewall Policy Creation ***
---------------------------------------------
An XSS vulnerability caused by the scrintf parameter input during Firewall Policy Creation can be exploited to load and run a remote (malicious) Javascript in a logged in browser.
----------------------…
[View More]-----------------------
http://fortiguard.com/psirt/FG-IR-17-017
*** Analyzing Cyber Insurance Policies ***
---------------------------------------------
Theres a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract:In this research paper, we seek to answer ..
---------------------------------------------
https://www.schneier.com/blog/archives/2017/04/analyzing_cyber.html
*** Kritische Lücken: VMware sichert Anwendungen gegenüber Schadcode ab ***
---------------------------------------------
Sicherheitsupdates schließen mehrere Schwachstellen in verschiedenen VMware-Anwendungen zum Umgang mit virtuellen Maschinen und für den Fernzugriff. Davon sind alle Betriebssysteme betroffen.
---------------------------------------------
https://heise.de/-3696740
*** BrickerBot vs Mirai: Malware-Wettstreit um Internetkameras und Co. ***
---------------------------------------------
Neue Generationen von BrickerBot versuchen schlecht geschützte Geräte zu beschädigen, und entziehen so Mirai die Grundlage
---------------------------------------------
http://derstandard.at/2000056608656
*** Terror EK going ‘pro’? Not quite yet ***
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/04/terror-ek-going-pro-not-qu…
*** AIT beim Citizen Science Award 2017 ***
---------------------------------------------
[...] Im Rahmen des Citizen Science Awards 2017 sind Schulklassen der Unter- und Oberstufe sowie Einzelpersonen eingeladen, aktiv an der Erarbeitung möglicher Strategien gegen Cyberattacken mitzuwirken und gemeinsam das digitale Minispiel „Phishing Wars“ weiterzuentwickeln. Anhand dieses Spiels wird trainiert, worauf es beim Erkennen von Phishing-Mails ankommt, um nicht Opfer von Cyberattacken zu werden.
---------------------------------------------
http://science.apa.at/site/kultur_und_gesellschaft/detail.html?key=SCI_2017…
*** If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th) ***
---------------------------------------------
Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22346
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 24-04-2017 18:00 − Dienstag 25-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Frankreich-Wahl: Russische Hacker sollen Macron ins Visier nehmen ***
---------------------------------------------
Experten bringen Gruppe mit russischen Militärgeheimdienst in Verbindung
---------------------------------------------
http://derstandard.at/2000056465269
*** The Backstory Behind Carder …
[View More]Kingpin Roman Seleznev’s Record 27 Year Prison Sentence ***
---------------------------------------------
Roman Seleznev, a 32-year-old Russian cybercriminal and prolific credit card thief, was sentenced Friday to 27 years in federal prison. That is a record ..
---------------------------------------------
https://krebsonsecurity.com/2017/04/the-backstory-behind-carder-kingpin-rom…
*** Analysis of the Shadow Z118 PayPal phishing site, (Mon, Apr 24th) ***
---------------------------------------------
[This is a guest post submitted by Remco Verhoef. Got something interesting to share? Please use our contact form to suggest your topic] Today I got lucky walking around within a phishing site and found some left-over ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22338
*** Alert: If youre running SquirrelMail, Sendmail... why? And oh yeah, remote code vuln found ***
---------------------------------------------
This is nuts Security researchers have uncovered a critical security hole in SquirrelMail, the open-source webmail project.
---------------------------------------------
www.theregister.co.uk/2017/04/24/squirrelmail_vuln/
*** AV provider Webroot melts down as update nukes hundreds of legit files ***
---------------------------------------------
https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-…
*** BrickerBot, the permanent denial-of-service botnet, is back with a vengeance ***
---------------------------------------------
https://arstechnica.com/security/2017/04/brickerbot-the-permanent-denial-of…
*** Western Digital My Cloud 2.21.126 Authentication Bypass ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040164
*** Bis zu 100.000 Rechner mit geleakter NSA-Malware infiziert ***
---------------------------------------------
Sicherheitsforscher finden "Doublepulsar" auf zigtausenden Maschinen, darunter auch Rechner in Österreich
---------------------------------------------
http://derstandard.at/2000056481284
*** Angreifer könnten Drupal-Webseiten ausspionieren ***
---------------------------------------------
Im Versionsstrang 8.x klafft eine als kritisch eingestufte Sicherheitslücke. Abgesicherte Versionen schließen die Schwachstelle.
---------------------------------------------
https://heise.de/-3693082
*** Doskozil: Bundesheer soll Gegner im Cyberwar auch angreifen ***
---------------------------------------------
Minister: Angriffe sollen nicht nur abgewehrt werden – Wöchentlich fünf bis sechs ernste Attacken
---------------------------------------------
http://derstandard.at/2000056452452
*** Sicherheitspatches in Sicht: Zehn Lücken gefährden Linksys-Router ***
---------------------------------------------
Verschiedene Modelle der Smart-Wi-Fi-Serie von Linksys sind laut Sicherheitsforschern angreifbar. Unter gewissen Voraussetzungen sollen Angreifer Befehle auf Routern ausführen können.
---------------------------------------------
https://heise.de/-3693136
*** New IoT Botnet Rises Feeding on Vulnerable Security Cameras ***
---------------------------------------------
A new botnet is slowly building critical mass on the back of unsecured webcams and IP cameras, ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/new-iot-botnet-rises-feeding…
*** Hard Target: Fileless Malware ***
---------------------------------------------
Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend.
---------------------------------------------
http://threatpost.com/hard-target-fileless-malware/125054/
*** DSA-3833 libav - security update ***
---------------------------------------------
Several security issues have been corrected in multiple demuxers anddecoders of the libav multimedia library. A full list of the changes is available ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3833
*** Ashley Madison users blackmailed again ***
---------------------------------------------
Criminals are still trying to shake down users of the Ashley Madison dating/cheating online service. As you might remember, the service was hacked in 2015, and the attackers ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/25/ashley-madison-blackmail/
*** SAP NetWeaver durch Lücken gefährdet ***
---------------------------------------------
In verschiedenen Komponenten der NetWeaver-Plattform klaffen Sicherheitslücken. Sicherheitsforschern zufolge könnten Angreifer über die Schlupflöcher unter anderem an Log-in-Daten kommen.
---------------------------------------------
https://heise.de/-3693658
*** Security Bulletin Posted for ColdFusion (APSB17-14) ***
---------------------------------------------
Adobe has published a Security Bulletin (APSB17-14) announcing the availability of hotfixes for ColdFusion versions 2016, 11 and 10. These hotfixes resolve an input validation ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1460
*** Hackers uncork experimental Linux-targeting malware ***
---------------------------------------------
SSH... its Shishiga Hackers have unleashed a new malware strain that targets Linux-based systems.
---------------------------------------------
www.theregister.co.uk/2017/04/25/linux_malware/
*** [2017-04-25] Portrait Display SDK Service privilege escalation ***
---------------------------------------------
The Portrait Display SDK Service (PdiService.exe) configuration was found to be writable for every authenticated user in a default installation.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** [20170402] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/684-20170402-core-xss-vulnerab…
*** [20170403] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/685-20170403-core-xss-vulnerab…
*** [20170404] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/686-20170404-core-xss-vulnerab…
*** [20170405] - Core - XSS Vulnerability ***
---------------------------------------------
https://developer.joomla.org/security-centre/687-20170405-core-xss-vulnerab…
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 21-04-2017 18:00 − Montag 24-04-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Eingebauter Node.js-Server: Per Nvidia-Treiber lassen sich Schädlinge einschleusen ***
---------------------------------------------
Nvidia-Treiber enthalten einen Node.js-Server - keine gute Idee: Damit lassen sich Sicherungsmechanismen wie Application Whitelisting umgehen.
-----------------------------------…
[View More]----------
https://heise.de/-3691119
*** OWASP Top 10: Die zehn wichtigsten Sicherheitsrisiken bekommen ein Update ***
---------------------------------------------
Risiken durch Injections, Fehler beim Session Management und XSS bleiben weiterhin hoch. Im vorliegenden Entwurf finden sich neben bekannten Sicherheitslücken ..
---------------------------------------------
https://www.golem.de/news/owasp-top-10-die-zehn-wichtigsten-sicherheitsrisi…
*** SquirrelMail < 1.4.22 - Remote Code Execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040157
*** Shellcode Analysis- Basics ***
---------------------------------------------
In this article, we will look at how what shellcode is, what is its purpose and various shellcode patterns, etc. Please note that this article will not cover how a shellcode is ..
---------------------------------------------
http://resources.infosecinstitute.com/shellcode-analysis-basics/
*** FIN7 Evolution and the Phishing LNK ***
---------------------------------------------
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, ..
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html
*** Amazon: Phishing-Kampagne ködert mit Datenschutzgrundverordnung ***
---------------------------------------------
Angebliche von Amazon versendete Mails sind derzeit häufig im E-Mail-Postfach zu finden. Nach gefälschten Umsatzsteuerrechnungen gibt es neuerdings eine Phishing-Kampagne, die ..
---------------------------------------------
https://www.golem.de/news/amazon-phishing-kampagne-koedert-mit-datenschutzg…
*** Sicherheitsupdate: Angreifer könnten Inhalte von Confluence-Wikis einsehen ***
---------------------------------------------
Wer Confluence einsetzt, sollte eine der ab sofort verfügbaren abgesicherte Version installieren.
---------------------------------------------
https://heise.de/-3692816
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 20-04-2017 18:00 − Freitag 21-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** 20 Linksys Router Models Vulnerable To Attack ***
---------------------------------------------
Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.
---------------------------------------------
http://…
[View More]threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/
*** The History of Fileless Malware - Looking Beyond the Buzzword ***
---------------------------------------------
What's the deal with "fileless malware"? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use... Read more
---------------------------------------------
https://zeltser.com/fileless-malware-beyond-buzzword/
*** Archive.org Abused to Deliver Phishing Pages ***
---------------------------------------------
The Internet Archive is a well-known website and more precisely for its "WaybackMachine" service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262 which makes it a "popular and trusted" website. Indeed, like I explained in a recent SANS ISC diary, whitelists [...]
---------------------------------------------
https://blog.rootshell.be/2017/04/20/archive-org-abused-deliver-phishing-pa…
*** Analysis of a Maldoc with Multiple Layers of Obfuscation, (Fri, Apr 21st) ***
---------------------------------------------
Thanks to our readers, we get often interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called Invoice_6083.doc (which was delivered in a zip archive). I had a quick look [...]
---------------------------------------------
https://isc.sans.edu/diary/Analysis+of+a+Maldoc+with+Multiple+Layers+of+Obf…
*** TLS-Interception: Sophos-Firewall wird von Chrome-Änderung überrascht ***
---------------------------------------------
Nutzer, die den Chrome-Browser hinter einer Firewall von Sophos nutzen, sehen zur Zeit nur Zertifikatswarnungen. Die neue Chrome-Version ignoriert den sogenannten CommonName, der schon seit 17 Jahren als veraltet gilt. (Sophos, Browser)
---------------------------------------------
https://www.golem.de/news/tls-interception-sophos-firewall-wurd-von-chrome-…
*** Domain Fronting ***
---------------------------------------------
In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for [...]
---------------------------------------------
http://resources.infosecinstitute.com/domain-fronting/
*** Top-ranked programming Web tutorials introduce vulnerabilities into software ***
---------------------------------------------
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The process The researchers identified popular tutorials by inputing search terms such as "mysql tutorial", [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabil…
*** Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk ***
---------------------------------------------
[...] The module is currently used by over 120 000 individual Drupal installations, but is no longer maintained. The last update was done in February 2013. Unfortunately a critical security vulnerability in this references module has been reported by the Drupal core security team as SA-CONTRIB-2017-38: [...]
---------------------------------------------
http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk
*** References - Unsupported - SA-CONTRIB-2017-38 ***
---------------------------------------------
[...] Updates: 2017-04-18 -- This issue has been resolved with the release of references 7.x-2.2
---------------------------------------------
https://www.drupal.org/node/2869138
*** cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038341
*** SSHD vulnerability CVE-2017-6128 ***
---------------------------------------------
https://support.f5.com/csp/article/K92140924
*** DFN-CERT-2017-0704: FreeType: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0704/
*** Security Advisory - Buffer Overflow vulnerability in the GaussDB ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170420-…
*** Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3 ***
---------------------------------------------
Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php
*** Vuln: Linux Kernel CVE-2017-7645 Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/97950
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274) ***
http://www.ibm.com/support/docview.wss?uid=swg22002280
---------------------------------------------
*** IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Remote Control. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000544
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996985
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000580
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625) ***
http://www.ibm.com/support/docview.wss?uid=swg22002110
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002204
---------------------------------------------
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-04-2017 18:00 − Donnerstag 20-04-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** DFN-CERT-2017-0683/">GnuTLS: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/
*** Cisco Security Advisories ***
--------------…
[View More]-------------------------------
*** Cisco ASA Software DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Unified Communications Manager Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Prime Network Registrar DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco FindIT Network Probe Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Integrated Management Controller User Session Hijacking Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Integrated Management Controller Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Integrated Management Controller Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco ASA Software SSL/TLS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco ASA Software IPsec Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Bereiten Sie sich schon 2017 auf die Datenschutz-Grundverordnung vor: Wichtige Fragen ***
---------------------------------------------
Die neue Datenschutz-Grundverordnung wird in diesem Jahr in vielen Branchen bei Entscheidungen zu Sicherheitslösungen eine wichtige Rolle spielen. Die Höhe der möglichen Geldbußen ..
---------------------------------------------
https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-scho…
*** Drupal Core - Critical - Access Bypass - SA-CORE-2017-002 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-002
*** Organizations are not effectively dealing with open source security threats ***
---------------------------------------------
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/
*** DNS Query Length... Because Size Does Matter, (Thu, Apr 20th) ***
---------------------------------------------
In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass securitycontrols. DNS tunnelling is a common way to establish ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22326
*** Malware: Schadsoftware bei 1.200 Holiday-Inn- und Crown-Plaza-Hotels ***
---------------------------------------------
Wer im vergangenen Jahr auf Geschäftsreise oder im Urlaub in den USA gewesen ist, sollte seine Kreditkartenabrechnungen prüfen: Zahlungsterminals zahlreicher ..
---------------------------------------------
https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-c…
*** Spyware Disguised as System Update Survived on Play Store for Almost Three Years ***
---------------------------------------------
An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-…
*** [R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities ***
---------------------------------------------
On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately.
---------------------------------------------
https://www.tenable.com/security/tns-2017-07
*** Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) ***
---------------------------------------------
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities ..
---------------------------------------------
http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-se…
*** Stealing sensitive browser data with the W3C Ambient Light Sensor API ***
---------------------------------------------
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your //
---------------------------------------------
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c…
*** Combating a spate of Java malware with machine learning in real-time ***
---------------------------------------------
In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-jav…
*** Browser-Updates für Chrome und Firefox stopfen kritische Lücken ***
---------------------------------------------
Sowohl Google als auch Mozilla haben kritische Sicherheitslücken in ihren Web-Browsern gestopft. Diese können von Angreifern für Drive-By-Attacken missbraucht werden.
---------------------------------------------
https://heise.de/-3689571
*** Abusing NVIDIAs node.js to bypass application whitelisting ***
---------------------------------------------
Application WhitelistingApplication whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a ..
---------------------------------------------
http://blog.sec-consult.com/2017/04/application-whitelisting-application.ht…
*** DNSSEC: ISC läutet Schlüsseltausch für BIND9 ein ***
---------------------------------------------
Das Update ist für alle BIND9-Betreiber wichtig, die die Software zum Validieren von signierten DNS-Antworten einsetzen, aber kein automatisches Schlüssel-Update eingerichtet haben.
---------------------------------------------
https://heise.de/-3689170
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 18-04-2017 18:00 − Mittwoch 19-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Trojaner greift gezielt österreichische Banken-Apps an ***
---------------------------------------------
Eine kürzlich im Play Store entdeckte Malware versucht Bankdaten von 400 Apps abzugreifen, darunter Bawag, Erste Bank und Volksbank.
---------------------------------------------
https://futurezone.at/…
[View More]digital-life/trojaner-greift-gezielt-oesterreichische…
*** Hajime IoT worm infects devices to head off Mirai ***
---------------------------------------------
Mirai is the name of the worm that has taken control of many IoT devices around the world and used them to mount DDoS attacks, the most high-profile of which was directed against US-based DNS provider Dyn and resulted in many websites and online services being inaccessible for hours on end. Its source code was leaked by the author, which lead to the creation of more botnets, and an increased fear that [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/19/hajime-iot-worm/
*** Firmware-Status von AVM-Routern checken: Kritisches Sicherheitsloch in Fritzbox-Firmware gestopft ***
---------------------------------------------
Durch eine kritische Sicherheitslücke in FritzOS könnten Angreifer beliebte Fritzbox-Modelle wie die 7490 aus der Ferne kapern. AVM hat die Lücke in den Routern bereits mit Firmware-Version 6.83 geschlossen - allerdings ohne es zu wissen.
---------------------------------------------
https://heise.de/-3687437
*** Hunting for Malicious Excel Sheets, (Wed, Apr 19th) ***
---------------------------------------------
Recently, I found a malicious Excel sheet which contained a VBA macro. One particularity of this file was that useful information was stored in cells. The VBA macro read and used them to download the malicious PE file. The Excel file looked classic, asking the user to enable macros: But below, around the 1000th row, some cells were hidden: Once expanded, they revealed interesting values: The macro code used the contain of those cells: [...]
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22322&rss
*** Owncloud/Nextcloud: Passwörter im Bugtracker ***
---------------------------------------------
Wer bei Owncloud oder Nextcloud einen Bugreport melden möchte, wird nach dem Inhalt seiner Konfigurationsdatei gefragt. Viele Nutzer kamen dem nach - und gaben damit ihre Passwörter öffentlich preis.
---------------------------------------------
https://www.golem.de/news/owncloud-nextcloud-passwoerter-im-bugtracker-1704…
*** A Remote Attack on the Bosch Drivelog Connector Dongle ***
---------------------------------------------
In this blog post, I discuss the vulnerabilities of the Bosch Drivelog Connector OBD-II dongle found by the Argus Research Team. The vulnerabilities allowed us to stop the engine of a moving vehicle using the Drivelog platform.
---------------------------------------------
https://argus-sec.com/remote-attack-bosch-drivelog-connector-dongle/
*** Internet routing weakness could cost Bitcoin users ***
---------------------------------------------
A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find.
---------------------------------------------
https://nakedsecurity.sophos.com/2017/04/18/internet-routing-weakness-could…
*** Meet PINLogger, the drive-by exploit that steals smartphone PINs ***
---------------------------------------------
Sensors in phones running both iOS and Android reveal all kinds of sensitive info.
---------------------------------------------
https://arstechnica.com/security/2017/04/meet-pinlogger-the-drive-by-exploi…
*** BrickerBot Permanent Denial-of-Service Attack (Update A) ***
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-102-01A BrickerBot Permanent Denial-of-Service Attack that was published April 12, 2017, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of open-source reports of "BrickerBot" attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of service (PDoS). This family of botnets, which consists of BrickerBot.1 and BrickerBot.2, was described in a Radware Attack Report.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-102-01A
*** Cryptographic security risks are amplified in DevOps settings ***
---------------------------------------------
Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications, according to a study conducted by Dimensional Research. According to the study, many organizations fail to enforce vital cryptographic security measures in their DevOps environments. These problems are especially acute among organizations that are in the midst of adopting DevOps practices, but even organizations that say their [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/19/devops-settings/
*** What is File Integrity Monitoring and Why You Need It ***
---------------------------------------------
The news is rife with stories of successful attacks against servers, point-of-sale (POS) systems, IoT devices and more where an attacker has gained access to an organization's IT assets and changed or inserted new files and data to do something malicious. Just a search on malware highlights a seemingly-endless list of variants including the recent exposure of NSA-backed malware that exploits Windows systems, the re-emergence of Dridex (designed to capture banking credentials), new malware [...]
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/what-is-file-integrity…
*** HPESBGN03734 rev.1 - HPE Vertica Analytics Platform, Remote Gain Privileged Access ***
---------------------------------------------
A potential security vulnerability has been identified in HPE Vertica Analytics Platform. This vulnerability could be remotely exploited to gain privileged access.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn037…
*** VMSA-2017-0008 ***
---------------------------------------------
VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0008.html
*** Oracle Critical Patch Update - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
*** Solaris Third Party Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinapr2017-3680911.h…
*** Oracle Linux Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2017-3664…
*** Oracle VM Server for x86 Bulletin - April 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinapr2017-366462…
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-…
---------------------------------------------
*** Security Advisory - OpenSSL Montgomery multiplication may produce incorrect results Vulnerability ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-…
---------------------------------------------
*** Security Advisory - DoS Vulnerability in Some Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-…
---------------------------------------------
*** Security Advisory - Input Validation Vulnerability in Multiple Huawei Products ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-…
---------------------------------------------
*** Security Advisory - Plaintext Storage of Users' Safe Passwords in the Files APP in Huawei Mobile Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170419-…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in zlib affect IBM SDK for Node.js (CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843) ***
http://www.ibm.com/support/docview.wss?uid=swg22001567
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997868
---------------------------------------------
*** IBM Security Bulletin: Fix available for Sensitive Data Exposure Vulnerability in IBM Cúram Social Program Management (CVE-2016-9978) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001782
---------------------------------------------
*** IBM Security Bulletin: Fix available for DOM based Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9979) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001780
---------------------------------------------
*** IBM Security Bulletin: Fix available for Reflected Cross Site Scripting (XSS) Vulnerability in IBM Cúram Social Program Management (CVE-2016-9980) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001779
---------------------------------------------
*** IBM Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001774
---------------------------------------------
*** IBM Security Bulletin: Access Manager Client in IBM DataPower Gateways is vulnerable to a denial of service attack. ***
http://www.ibm.com/support/docview.wss?uid=swg22001789
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem models 840 and 900 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010111
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM FlashSystem model V840 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010112
---------------------------------------------
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 14-04-2017 18:00 − Dienstag 18-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Protecting customers and evaluating risk ***
---------------------------------------------
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers …
[View More]have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-an…
*** Ab sofort keine Updates mehr für Windows 7 und 8.1-Nutzer mit neuer Hardware ***
---------------------------------------------
Es bleibt den Usern somit nur mehr das Upgrade auf Windows 10
---------------------------------------------
http://derstandard.at/2000056017223
*** Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers ***
---------------------------------------------
Microsoft fixed critical vulnerabilities in uncredited update released in March.
---------------------------------------------
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-wer…
*** Warnung - Betrugsversuche ***
---------------------------------------------
Wir weisen darauf hin, dass E-Mails im Umlauf sind, die von gefälschten OeNB-Absende-Adressen aus verschickt werden. [...] Die versendeten E-Mails beinhalten Schadsoftware [...]
---------------------------------------------
https://www.oenb.at/Ueber-Uns/Rechtliche-Grundlagen/warnung-betrugsversuche…
*** Email Tracking Pixels Used for Pre-Hack Info Gathering ***
---------------------------------------------
A simple email marketing trick is also abused by cyber-criminals, who are employing a technique known as "pixel tracking" to gather information on possible targets or to improve the efficiency of phishing attacks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/email-tracking-pixels-used-f…
*** FIRST releases twenty years of conference materials ***
---------------------------------------------
The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings.
---------------------------------------------
https://www.first.org/newsroom/releases/20170418
*** Edge Plagued by Various Security Flaws, Not as Secure as Microsoft Boasts ***
---------------------------------------------
Microsoft never shied away from claiming that Edge is a much more secure browser than Chrome. Even some third-party tests have sustained its claims. Nonetheless, there are currently three different issues affecting Edge, which Microsoft might not like you knowing about. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/edge-plagued-by-various-secu…
*** Wartungsarbeiten Donnerstag, 20. 4. 2017 ***
---------------------------------------------
Am Donnerstag, 20. April 2017, ab etwa 19h, werden wir Wartungsarbeiten an unserer Infrastruktur vornehmen. Dies wird zu kurzen Ausfällen der extern erreichbaren Services (zB Mail, Webserver, Mailinglisten) führen,...
---------------------------------------------
http://www.cert.at/services/blog/20170418151642-1969.html
*** VU#676632: IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow ***
---------------------------------------------
Vulnerability Note VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow Original Release date: 17 Apr 2017 | Last revised: 17 Apr 2017 Overview IBM Lotus Domino server, versions IMAP service contains a stack-based buffer overflow vulnerability in the EXAMINE command. This can allow a remote, authenticated attacker to execute arbitrary code with the privileges of the Domino server Description IBM Lotus Domino includes an IMAP server. This server contains a stack buffer...
---------------------------------------------
http://www.kb.cert.org/vuls/id/676632
*** NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control ***
---------------------------------------------
ProSAFE Plus Configuration Utility is vulnerable to improper access control.
---------------------------------------------
http://jvn.jp/en/jp/JVN08740778/
*** Security Notice - Statement on Command Injection Vulnerability in Huawei HG532n Product ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170418-01-…
*** 2107-04 Security Bulletin: Multiple Vulnerabilities in NorthStar Controller Application before version 2.1.0 Service Pack 1. ***
---------------------------------------------
Multiple vulnerabilities have been resolved in the NorthStar Controller Application starting from version 2.1.0 Service Pack 1 and all subsequent releases.
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10783&cat=SIRT_1…
*** cURL and libcurl vulnerabilities in F5 products ***
---------------------------------------------
https://support.f5.com/csp/article/K84940705https://support.f5.com/csp/article/K85235351https://support.f5.com/csp/article/K17742627
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tealeaf Customer Experience (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000439
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Power Hardware Management Console (CVE-2016-8610 and CVE-2017-3731 ) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021869
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent (CVE-2017-3731, CVE-2017-3732) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1025103
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (CVE-2016-5597, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000386
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001680
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010105
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010106
---------------------------------------------
*** IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000445
---------------------------------------------
*** IBM Security Bulletin: Multiple ZLIB vulnerabilities affect IBM Mobile Connect ***
http://www.ibm.com/support/docview.wss?uid=swg22000094
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the Firefox component of the Synthetic Playback agent affects IBM Performance Management products. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000816
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22001712
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010012
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization ***
http://www.ibm.com/support/docview.wss?uid=swg21992598
---------------------------------------------
[View Less]
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 13-04-2017 18:00 − Freitag 14-04-2017 18:02
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Zero Day Exploit: Magento-Onlineshops sind wieder gefährdet ***
---------------------------------------------
Wer eine Magento-basierte Onlineshop-Lösung verwendet, sollte dringend seine Einstellungen überprüfen. Ein Sicherheitslücke erlaubt die Kompromittierung der Installation und bringt …
[View More]die Kunden in Gefahr. Der Hersteller arbeitet wohl an einem Patch, kommuniziert dies jedoch nicht vernünftig.
---------------------------------------------
https://www.golem.de/news/zero-day-exploit-magento-onlineshops-sind-wieder-…
*** Exploit Kit Activity Quiets, But Is Far From Silent ***
---------------------------------------------
Here are the exploit kits to watch for over the next three to six months.
---------------------------------------------
http://threatpost.com/exploit-kit-activity-quiets-but-is-far-from-silent/12…
*** Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits ***
---------------------------------------------
On Good Friday and ahead of the Easter holiday, the Shadow Brokers have dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsofts Windows OS and the SWIFT banking system. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-b…
*** BSI definiert Mindeststandard für sichere Web-Browser ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat Mindestanforderungen für sichere Web-Browser veröffentlicht. In einer Tabelle vergleicht die Behörde vier aktuelle Browser - einer wies demnach eine schwerwiegende Einschränkung auf.
---------------------------------------------
https://heise.de/-3686044
*** Phishing with Unicode Domains ***
---------------------------------------------
If I told you this could be a phishing site, would you believed me? tl;dr: check out the proof-of-concept
---------------------------------------------
https://www.xudongz.com/blog/2017/idn-phishing/
*** Critical Patch Update - April 2017 - Pre-Release Announcement ***
---------------------------------------------
Critical Patch Update - April 2017 - Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
*** 2017-04 Security Bulletin: EX Series: Crafted IPv6 NDP packet causing a slow memory leak on EX Series Switches (CVE-2017-2315) ***
---------------------------------------------
A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switches to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service.
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10781
*** Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution ***
---------------------------------------------
A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user.
---------------------------------------------
https://support.citrix.com/article/CTX222657
*** cURL and libcurl vulnerability CVE-2016-8622 ***
---------------------------------------------
cURL and libcurl vulnerability CVE-2016-8622. Security Advisory. Security Advisory Description. ** RESERVED ** This candidate ...
---------------------------------------------
https://support.f5.com/csp/article/K23391972
*** VMSA-2017-0007 ***
---------------------------------------------
VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0007.html
*** Wecon Technologies LEVI Studio HMI Editor ***
---------------------------------------------
This advisory contains mitigation details for heap-based buffer overflow and stack-based buffer overflow vulnerabilities in the Wecon Technologies LEVI Studio HMI Editor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-103-01
*** Schneider Electric Modicon M221 PLCs and SoMachine Basic ***
---------------------------------------------
This advisory contains mitigation details for use of hard-coded cryptographic key and protection mechanism failure vulnerabilities in Schneider Electric's Modicon M221 PLCs and SoMachine Basic.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-103-02
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160) ***
http://www.ibm.com/support/docview.wss?uid=swg22001574
---------------------------------------------
*** IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161) ***
http://www.ibm.com/support/docview.wss?uid=swg22000316
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services ***
http://www.ibm.com/support/docview.wss?uid=swg22001536
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025085
---------------------------------------------
*** IBM Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998864
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ***
http://www.ibm.com/support/docview.wss?uid=swg21999652
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ***
http://www.ibm.com/support/docview.wss?uid=swg21999649
---------------------------------------------
*** IBM Security Bulletin: Unvalidated redirection URL vulnerability in IBM Marketing Platform (CVE-2016-0228) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001952
---------------------------------------------
Next End-of-Shift report: 2017-04-18
[View Less]