=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 25-01-2017 18:00 − Thursday 26-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** VirLocker's comeback; including recovery instructions ***
---------------------------------------------
Virlocker is back, the nightmare is still real. But we have found a way to at least recover your important files even if the affected machine can be considered a loss.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-i…
*** Cisco WebEx code execution hole - what you need to know ***
---------------------------------------------
Google's Project Zero found a serious hole in Cisco's WebEx browser extension that is nearly but not yet fully fixed. Here's what to do.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/XBY4vnKgI4U/
*** Powerful Android RAT impersonates Netflix app ***
---------------------------------------------
Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers. The fake app looks genuine at first glance, as it sports the same icon the actual legitimate Netflix app uses. But once it is installed on a smartphone or tablet and the victim clicks on it, it vanishes from...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/android-rat-netflix-app/
*** Android VPN Apps Caught Intercepting Traffic, Failing to Encrypt ***
---------------------------------------------
New research released this week reveals that a large chunk of today's Android VPN clients are a serious security and privacy risk, with some clients failing to encrypt traffic, and some even injecting ads in a customer's browsing experience. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-vpn-apps-caught-inte…
*** Shamoon disk-wiping attackers can now destroy virtual desktops, too ***
---------------------------------------------
Mystery malware begins targeting a key disk-wiping defense.
---------------------------------------------
https://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-no…
*** Analysis of new Shamoon infections ***
---------------------------------------------
All of the initial analysis pointed to Shamoon emerging in the Middle East. This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector.
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/shamoon-infections/
*** Fake A1 phishing e-mail: New messaging platform ***
---------------------------------------------
Criminals are sending a fake A1 online message. Its subject is "Maßnahme erforderlich: Neue Messaging-Plattform" ("Action required: New messaging platform"), and it asks recipients to disclose their login credentials on a website.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-a1-phishingmail-neue…
*** OpenSSL Security Advisory [26 Jan 2017] ***
---------------------------------------------
Truncated packet could crash via OOB read (CVE-2017-3731)
Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
---------------------------------------------
https://www.openssl.org/news/secadv/20170126.txt
*** DFN-CERT-2017-0154: Red Hat JBoss Core Services: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0154/
*** IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability ***
---------------------------------------------
CVE-2016-10142 kernel - IPV6 fragmentation flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1415908
---------------------------------------------
Generation of IPv6 Atomic Fragments Considered Harmful
https://tools.ietf.org/html/rfc8021
---------------------------------------------
http://www.securityfocus.com/bid/95797/
*** Security Advisory: TMM vulnerability CVE-2016-9249 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71282001.html?…
*** Bugtraq: ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540050
*** Vuln: Multiple TIBCO Products CVE-2017-3180 Multiple Unspecified Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95699
*** Vuln: Autodesk FBX-SDK CVE-2016-9307 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95802
*** Vuln: Autodesk FBX-SDK CVE-2016-9304 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95799
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983) ***
---------------------------------------------
Multiple vulnerabilities have been identified in the IBM Websphere Application Server (WAS) that is embedded in IBM FSM. This update addresses these issues. CVE(s): CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the following reference URLs for...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024555
*** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities ***
---------------------------------------------
IBM Forms Experience Builder could be susceptible to allowing for a denial of service, caused by an error in Apache POI Libraries CVE(s): CVE-2014-3574, CVE-2014-3529, CVE-2016-5000 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6 Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997296
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
---------------------------------------------
There are multiple vulnerabilities in IBM Runtime Environment Java Version 1.5 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in January and April 2016. This Bulletin addresses these vulnerabilities. CVE(s): CVE-2015-7575, CVE-2016-0448, CVE-2016-0475, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-0264, CVE-2016-3426 Affected product(s) and affected version(s): Flex...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024558
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 24-01-2017 18:00 − Wednesday 25-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical vulnerability in the Shopware web shop software ***
---------------------------------------------
The software from Schöppingen, popular mainly in Germany, has a vulnerability that allows attackers to execute arbitrary malicious code.
---------------------------------------------
https://heise.de/-3606627
*** VB2016 paper: Great crypto failures ***
---------------------------------------------
Crypto is hard, and malware authors often make mistakes. At VB2016, Check Point researchers Yaniv Balmas and Ben Herzog discussed the whys and hows of some of the crypto blunders made by malware authors. Today, we publish their paper and the recording of their presentation.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/01/vb2016-paper-great-crypto-fa…
*** Call for Papers: VB2017 ***
---------------------------------------------
We have opened the Call for Papers for VB2017. We are particularly interested in receiving submissions from those working outside the security industry itself.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/01/call-papers-vb2017/
*** Malicious SVG Files in the Wild, (Tue, Jan 24th) ***
---------------------------------------------
In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or Scalable Vector Graphics) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system, SVG files are handled by Internet Explorer by default. From a file format point...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21971&rss
*** Security patch: Western Digital My Cloud Mirror susceptible to malicious code ***
---------------------------------------------
Owners of the network storage device should, for security reasons, check that they have the current firmware installed.
---------------------------------------------
https://heise.de/-3606909
*** Trojan Transforms Linux Devices into Proxies for Malicious Traffic ***
---------------------------------------------
Security researchers have uncovered a new trojan that targets Linux devices that is capable of transforming infected machines into proxy servers and relaying malicious traffic, hiding the true origin of attacks or other nefarious activities. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trojan-transforms-linux-devi…
*** Capturing Pattern-Lock Authentication ***
---------------------------------------------
Interesting research -- "Cracking Android Pattern Lock in Five Attempts": Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/01/capturing_patte.html
*** Maintenance work Tuesday, 31 January 2017 ***
---------------------------------------------
http://www.cert.at/services/blog/20170125134029-1890.html
*** Detecting threat actors in recent German industrial attacks with Windows Defender ATP ***
---------------------------------------------
When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, giving them persistent access to the conglomerate's network as early...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors…
*** Vulnerability in Samsung phones: Endless boot loop via killer SMS ***
---------------------------------------------
Samsung has closed a vulnerability in older devices that can be abused to put them into a boot loop and probably also gives attackers the ability to execute malicious code. Devices from other manufacturers are apparently still vulnerable.
---------------------------------------------
https://heise.de/-3607266
*** DFN-CERT-2017-0142: Mozilla Firefox, Firefox ESR, Tor Browser: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0142/
*** IDM 4.5 SAP User Driver Version 4.0.1.0 ***
---------------------------------------------
Abstract: Patch update for the NetIQ Identity Manager SAP User Manager driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 or later to use this driver. You should only use this patch if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP User Manager driver for JCO3. Future versions of IDM do not support SAP JCO2. Document ID: 5269090 Security Alert:...
---------------------------------------------
https://download.novell.com/Download?buildid=juq3iF7EF5o~
*** Citrix Provisioning Services Multiple Security Updates ***
---------------------------------------------
https://support.citrix.com/article/CTX219580
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
https://support.citrix.com/article/CTX220112
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability affecting FileNet Content Manager and IBM Content Foundation (CVE-2013-5462) ***
http://www.ibm.com/support/docview.wss?uid=swg21994241
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector for SAP Applications (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996483
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997196
---------------------------------------------
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Authentication Bypass Vulnerability in the Find Phone Function of some Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-…
---------------------------------------------
*** Security Advisory - Two Security Vulnerabilities in Huawei EMUI ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-…
---------------------------------------------
*** Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-…
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco WebEx Browser Extension Remote Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** HP Security Bulletins ***
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information ***
http://www.securityfocus.com/archive/1/540044
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access ***
http://www.securityfocus.com/archive/1/540048
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) ***
http://www.securityfocus.com/archive/1/540047
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities ***
http://www.securityfocus.com/archive/1/540046
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 23-01-2017 18:00 − Tuesday 24-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Java: The end of MD5 and SHA-1 is near ***
---------------------------------------------
Oracle has announced that with its next quarterly update MD5 will be retired for signing JAR packages. Likewise, the JDK is to accept SHA-1 certificates only in exceptional cases.
---------------------------------------------
https://heise.de/-3606356
*** Elga is easy to hack, according to experts ***
---------------------------------------------
Staff need only a password for access. That is too little, warns an expert.
---------------------------------------------
https://kurier.at/chronik%2Foesterreich/elga-ist-laut-experten-leicht-zu-ha…
*** Security update: Apple patches root exploits for almost all platforms ***
---------------------------------------------
Apple has released extensive security updates for all platforms. A root exploit in the kernel affects numerous devices; in addition, there are many bugs in Webkit and in various libraries.
---------------------------------------------
http://www.golem.de/news/sicherheitsupdate-apple-patcht-root-exploits-fuer-…
*** Charger mobile ransomware steals contacts and SMS messages ***
---------------------------------------------
Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger. Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user's device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer employee who had unknowingly downloaded and...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/24/charger-mobile-ransomware/
*** Cisco: Magic WebEx URL Allows Arbitrary Remote Command Execution ***
---------------------------------------------
TL;DR: A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
---------------------------------------------
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
*** Microsoft Reveals Windows Defender Security Center Scheduled for Creators Update ***
---------------------------------------------
The Windows 10 Creators Update scheduled for launch later this year will include an upgrade of the default Windows Defender antivirus, which will feature a new settings panel named the Windows Defender Security Center. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-windows-d…
*** Furby Rickroll demo: what fresh hell is this? ***
---------------------------------------------
Toy-makers, please quit this rubbish, you're NO GOOD at security. Here's your future botnet, world: connected kids' toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/24/furby_rickr…
*** HummingBad Android Malware Found in 20 Google Play Store Apps ***
---------------------------------------------
HummingBad, an Android malware estimated to have touched over 85 million devices worldwide, was recently found in 46 new applications, 20 of which had even made their way into the official Play Store, passing Google's security checks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hummingbad-android-malware-f…
*** Advice to a New SCADA Engineer ***
---------------------------------------------
Target Audience: As I have come in contact with those new to industrial control systems - whether they be supervisor control and data acquisition (SCADA) systems, building automation, process automation, or what not - I have come to the conclusion that whether the individual is trade school educated or college educated, they are not prepared...
---------------------------------------------
http://resources.infosecinstitute.com/advice-to-a-new-scada-engineer/
*** How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd) ***
---------------------------------------------
I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And well, this also makes good material for my IPv6 class [2]. This is supposed to entice you to play and experiment. Let me know if you find anything neat. Fragmentation is a necessary evil of packet networking. Packets will...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21963&rss
*** Fake A1 online invoice hides malware ***
---------------------------------------------
Criminals are sending a fake A1 online invoice. In it they state a high connection charge and the data volume used. The file "rechnung_1.zip" is attached to the message. It hides malware.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-onl…
*** Year-old root vulnerability in Systemd surfaces ***
---------------------------------------------
The developers of the init system Systemd closed a hole last year through which an attacker can gain root privileges. However, this hole was initially underestimated and went unnoticed.
---------------------------------------------
https://heise.de/-3606599
*** Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95705
*** EMC Avamar Data Store and Avamar Virtual Edition File Ownership Error Lets Local Users Obtain Root Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037667
*** RSA Security Analytics Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037666
*** DFN-CERT-2017-0137: Apache Software Foundation Tomcat: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0137/
*** Security Advisory 2017-01: Security Update for OTRS Business Solution ***
---------------------------------------------
January 24, 2017 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability.
---------------------------------------------
https://www.otrs.com/security-advisory-2017-01-security-update-otrs-busines…
*** DFN-CERT-2017-0136: phpMyAdmin: Multiple vulnerabilities allow, among other things, privilege escalation ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0136/
*** Forthcoming OpenSSL releases ***
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2k, 1.1.0d. These releases will be made available on 26th January 2017 between approximately 1300-1700 UTC. They will fix several security defects with maximum severity "moderate".
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-10009 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31440025.html?…
---------------------------------------------
*** Security Advisory: OpenSSH vulnerability CVE-2016-10010 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/64/sol64292204.html?…
---------------------------------------------
*** Security Advisory: PHPMailer vulnerability CVE-2016-10033 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74977440.html?…
---------------------------------------------
*** Apple Security Updates ***
---------------------------------------------
*** macOS Sierra 10.12.3 ***
https://support.apple.com/kb/HT207483
---------------------------------------------
*** iOS 10.2.1 ***
https://support.apple.com/kb/HT207482
---------------------------------------------
*** tvOS 10.1.1 ***
https://support.apple.com/kb/HT207485
---------------------------------------------
*** watchOS 3.1.3 ***
https://support.apple.com/kb/HT207487
---------------------------------------------
*** iCloud for Windows 6.1.1 ***
https://support.apple.com/kb/HT207481
---------------------------------------------
*** Safari 10.0.3 ***
https://support.apple.com/kb/HT207484
---------------------------------------------
*** iTunes 12.5.5 for Windows ***
https://support.apple.com/kb/HT207486
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in sudo affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024766
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in expat affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024767
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995440
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024768
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024769
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in QEMU affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024770
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in nettle affects PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024771
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in postgresql affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024772
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in cURL affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024773
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024775
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 20-01-2017 18:00 − Monday 23-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** PowerShell 5.1 for Windows 7 and later, (Fri, Jan 20th) ***
---------------------------------------------
Microsoft has released Windows Management Framework 5.1 for Windows 7 and later. WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the PowerShell, WMI, WinRM and SIL components that were released with Windows Server 2016 and Windows 10 Anniversary Edition. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21957&rss
*** Hotel paralysed by hackers for the fourth time ***
---------------------------------------------
The Seehotel Jägerwirt on the Turracher Höhe has been hit and extorted by hackers for the fourth time. The electronic room keys were disabled. The hotel therefore now wants to return to normal keys.
---------------------------------------------
http://kaernten.orf.at/news/stories/2821290/
*** Stopping Malware With a Fake Virtual Machine ***
---------------------------------------------
As we explained in a previous post, some advanced malware can detect a virtual environment such as a sandbox to avoid detection and analysis. Some threats can also detect monitoring tools used for malware analysis. Often such malware will not execute or change their behavior to appear harmless. Because some malware uses these tactics, planting fake virtual machine artefacts or fake analysis tools on a system...
---------------------------------------------
https://securingtomorrow.mcafee.com/mcafee-labs/stopping-malware-fake-virtu…
*** Maintenance work Tuesday, 24 January 2017 ***
---------------------------------------------
On Tuesday, 24 January 2017, we will carry out maintenance work on our infrastructure. This will lead to outages of the externally reachable services (e.g. mail, web server, mailing lists). No data (e.g. e-mails) will be lost, but processing may be delayed.
---------------------------------------------
http://www.cert.at/services/blog/20170120104523-1882.html
*** The Week in Ransomware - January 20th 2017 - Satan RaaS, Spora, Locky, and More ***
---------------------------------------------
This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-janua…
*** Sage 2.0 Ransomware, (Sat, Jan 21st) ***
---------------------------------------------
Introduction: On Friday 2017-01-20, I checked on a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware I'd never seen before called Sage. More specifically, it was Sage 2.0. Shown above: It's always fun to find ransomware that's not Cerber or Locky. Sage is yet another family of ransomware in an already crowded field. It was noted on BleepingComputer forums back in December 2016 [1, 2], and Sage is apparently a variant of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21959&rss
*** Symantec sloppy with TLS certificates once again ***
---------------------------------------------
Apparently, several certificate authorities (CAs) operated by Symantec issued more than 100 TLS certificates without authorization. This can allow third parties to read the traffic of HTTPS-protected websites.
---------------------------------------------
https://heise.de/-3604190
*** Android permissions and hypocrisy ***
---------------------------------------------
I wrote a piece a few days ago about how the Meitu app asked for a bunch of permissions in ways that might concern people, but which were not actually any worse than many other apps. The fact that Android makes it so easy for apps to obtain data that's personally identifiable is of concern, but in the absence of another stable device identifier this is the sort of thing that capitalism is inherently going to end up making use of. Fundamentally, this is Google's problem to fix.
---------------------------------------------
http://mjg59.dreamwidth.org/46403.html
*** Researchers predict upsurge of Android banking malware ***
---------------------------------------------
Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it. In fact, one has already been spotted. Masquerading as a variety of benign apps (e.g. Google Play) on third-party Android app markets, the Trojan - dubbed Android.BankBot.149.origin by Dr. Web researchers - is eminently capable. It can: Send and intercept text messages (including...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/23/upsurge-android-banking-malware/
*** Massive Twitter Botnet Dormant Since 2013 ***
---------------------------------------------
Researchers from the University College London have found a Twitter botnet of 350,000 bots that has been dormant since shortly after the accounts were registered.
---------------------------------------------
http://threatpost.com/massive-twitter-botnet-dormant-since-2013/123246/
*** Heartbleed: OpenSSL won't stop bleeding ***
---------------------------------------------
An analysis of systems publicly reachable on the Internet shows that hundreds of thousands are still vulnerable to the OpenSSL flaw Heartbleed. According to the analysis, the flaw, now almost three years old, is found mainly on rented cloud servers.
---------------------------------------------
https://heise.de/-3605222
*** QNAP Storage Devices Firmware Update Flaw Lets Remote Users Access the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037663
*** DSA-3769 libphp-swiftmailer - security update ***
---------------------------------------------
Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a mailing solution for PHP, did not correctly validate user input. This allowed a remote attacker to execute arbitrary code by passing specially formatted email addresses in specific email headers.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3769
*** DSA-3770 mariadb-10.0 - security update ***
---------------------------------------------
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.29. Please see the MariaDB 10.0 Release Notes for further details:...
---------------------------------------------
https://www.debian.org/security/2017/dsa-3770
*** DFN-CERT-2017-0123: OpenJPEG: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0123/
*** Security Notice - Statement on Flanker Revealing Privilege Elevation Vulnerability in Huawei EMUI Keyguard Application ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170123-01-…
*** Vuln: Red Hat JBoss Enterprise Application Platform CVE-2016-8627 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95698
*** Security Advisories Relating to Symantec Products - Norton Download Manager DLL Loading ***
---------------------------------------------
Symantec has released an update to address a DLL loading vulnerability detected in the Norton Download Manager for affected products
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=s…
*** Vuln: Brocade Network Advisor CVE-2016-8204 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95695
*** Vuln: Brocade Network Advisor CVE-2016-8205 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95694
*** Vuln: Brocade Network Advisor CVE-2016-8206 Directory Traversal Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95692
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction (CVE-2016-5597, CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997219
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991280
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099501
---------------------------------------------
*** IBM Security Bulletin: HTTP Response Splitting in WebSphere Application Server affects IBM Virtualization Engine TS7700 (CVE-2016-0359) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009661
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 19-01-2017 18:00 − Friday 20-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Satan: A new ransomware-as-a-service ***
---------------------------------------------
Ransomware as a Service (RaaS) has been growing steadily since it made its debut in 2015 with Tox. With the new Satan ..
---------------------------------------------
https://www.webroot.com/blog/2017/01/19/satan-new-ransomware-service
*** DSA-3767 mysql-5.5 - security update ***
---------------------------------------------
Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3767
*** Unbreakable Locky ransomware is on the march again ***
---------------------------------------------
Necrus botnet wakes up and starts fresh malware-cano Cisco is warning of possible return of a massive ransomware spam ..
---------------------------------------------
www.theregister.co.uk/2017/01/20/locky_ransomware_horrorshow_returns/
*** Internet security 2016: Ransomware trojans boom in Austria ***
---------------------------------------------
Companies increasingly targeted by DDoS extortionists – intelligence services increasingly active
---------------------------------------------
http://derstandard.at/2000051229037
*** Alleged backdoor: Cryptographers criticize the Guardian's Whatsapp report ***
---------------------------------------------
The discussion about the alleged backdoor in Whatsapp continues unabated. Well-known security researchers such as ..
---------------------------------------------
http://www.golem.de/news/angebliche-backdoor-kryptographen-kritisieren-what…
*** Social engineering: New attack method targets companies ***
---------------------------------------------
In recent days, several cases have been reported to the Reporting and Analysis Centre for Information Assurance MELANI in which fraudsters call companies, pose as ..
---------------------------------------------
https://www.melani.admin.ch/melani/de/home/dokumentation/newsletter/social-…
*** Warning: Large number of Netgear routers can be hijacked via the admin interface ***
---------------------------------------------
As many as 30 Netgear router models contain a vulnerability that allows attackers to read out the devices' admin passwords and take them over completely. The manufacturer's updates should be installed immediately.
---------------------------------------------
https://heise.de/-3603918
*** Renewed investigations against Skidata in industrial espionage proceedings ***
---------------------------------------------
http://derstandard.at/2000051248975
*** ZDI-17-044: Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations ..
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-044/
*** ZDI-17-045: Adobe Reader DC XSLT apply-templates Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-045/
*** ZDI-17-053: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-17-053/
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 18-01-2017 18:00 − Thursday 19-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Who is Anna-Senpai, the Mirai Worm Author? ***
---------------------------------------------
On September 22, 2016, this site was forced offline for nearly four days after it was hit with “Mirai,” a malware strain that enslaves poorly secured Internet of Things (IoT) devices like wireless routers and security cameras into a botnet for use in large cyberattacks. Roughly a week after that ..
---------------------------------------------
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-autho…
*** Docker Patches Container Escape Vulnerability ***
---------------------------------------------
Docker has patched a privilege escalation vulnerability that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container.
---------------------------------------------
http://threatpost.com/docker-patches-container-escape-vulnerability/123161/
*** Database Ransom Attacks Hit CouchDB and Hadoop Servers ***
---------------------------------------------
For the past week, unknown groups of cyber-criminals have taken control of and wiped data from CouchDB and Hadoop databases, in some cases asking for a ransom fee to return the ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-…
*** Adobe's naughty Chrome telemetry code had XSS problem ***
---------------------------------------------
Since patched, but a bad look for Adobe when it can't even get snoopware right Adobe's pushed out a fix for its already-controversial Chrome telemetry extension after Project Zero's Tavis Ormandy found an ..
---------------------------------------------
www.theregister.co.uk/2017/01/19/adobe_telemetry_patch_patched_against_xss/
*** Insecure Hadoop installs next in net scum crosshairs ***
---------------------------------------------
Because MongoDB, Elasticsearch ransomware attacks are sooo last week Rinse-and-repeat ransomware attacks on data services left unsecured by dozy sysadmins are now hitting Hadoop instances.
---------------------------------------------
www.theregister.co.uk/2017/01/19/insecure_hadoop_installs_under_attack/
*** Ex-sysadmin demands 200,000 dollars for revealing password ***
---------------------------------------------
US college accuses former employee of extortion
---------------------------------------------
http://derstandard.at/2000050946919
*** Apple’s malware problem is accelerating ***
---------------------------------------------
For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/19/apple-malware-problem-accelerati…
*** Viruses, spam and computer outages affect IT security at SMEs ***
---------------------------------------------
Lack of knowledge and fear of costs are the main reasons why the situation is not being improved
---------------------------------------------
http://derstandard.at/2000051117771
*** DSA-3766 mapserver - security update ***
---------------------------------------------
It was discovered that mapserver, a CGI-based framework for Internet map services, was vulnerable to a stack-based overflow. This issue allowed a remote user to crash the service, or potentially execute arbitrary code.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3766
*** Google releases giant patch package for Android ***
---------------------------------------------
94 individual flaws, 10 critical security issues; Google's Android Security Bulletin for January packs a punch.
---------------------------------------------
https://heise.de/-3603108
*** Forcepoint: Carbanak uses Google services for malware hosting ***
---------------------------------------------
Anyone who hosts their malware on a command-and-control server runs the risk of being detected by firewall rules. The Carbanak group therefore delivers commands via Google Docs.
---------------------------------------------
http://www.golem.de/news/forcepoint-carbanak-nutzt-google-dienste-fuer-malw…
*** Hacking allegations: "Germany portrays Russia as an aggressor" ***
---------------------------------------------
Russian foreign ministry complains about Germany's approach: "No evidence presented"
---------------------------------------------
http://derstandard.at/2000051188487
*** Samsung SmartCam cameras are fair game for botnet operators ***
---------------------------------------------
Researchers discovered flaws in the SmartCam SNH-1011 years ago, which Samsung patched only inadequately. Now the IP cameras are vulnerable again.
---------------------------------------------
https://heise.de/-3603201
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 17-01-2017 18:00 − Wednesday 18-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Critical Patch Update - January 2017 ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
*** vBulletin Malware – When Hackers Compete for Backdoor Control ***
---------------------------------------------
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had ..
---------------------------------------------
https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-…
*** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH and other third party software vulnerabilities affect NSM Appliance OS. ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS
*** Kill it with fire: US-CERT warns admins to dump Server Message Block ***
---------------------------------------------
Shadow Brokers may have loosed a zero-day, so you're better safe than sorry The US computer emergency readiness team ..
---------------------------------------------
www.theregister.co.uk/2017/01/18/uscert_warns_admins_to_kill_smb_after_shad…
*** Do web injections exist for Android? ***
---------------------------------------------
Man-in-the-Browser (MITB) attacks can be implemented using various means, including malicious DLLs, rogue ..
---------------------------------------------
http://securelist.com/blog/research/77118/do-web-injections-exist-for-andro…
*** In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope ***
---------------------------------------------
65 million: the number of times we’ve blocked mobile threats in 2016. By December 2016, the total number of unique samples of malicious Android apps we’ve collected and ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-thre…
*** Last call to replace SHA-1 certificates ***
---------------------------------------------
http://blog.sec-consult.com/2017/01/last-call-to-replace-sha-1-certificates…
*** The Carbanak gang is with a new modus operandi, Google services as C&C ***
---------------------------------------------
The infamous Carbanak cybercrime gang is back and is leveraging Google services for command-and-control of its malicious codes. The dreaded Carbanak cybercrime gang is back ..
---------------------------------------------
http://securityaffairs.co/wordpress/55427/cyber-crime/carbanak-google-servi…
*** Spora Ransomware Offers Victims Unique Payment Options ***
---------------------------------------------
Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options.
---------------------------------------------
http://threatpost.com/spora-ransomware-offers-victims-unique-payment-option…
*** Critical flaws in Java & Co: Oracle drops giant patch package ***
---------------------------------------------
Oracle's latest Critical Patch Update includes, among others, security updates for Java, MySQL and VirtualBox. As always, there are patches for almost all of the vendor's products.
---------------------------------------------
https://heise.de/-3601613
*** Ancient Mac backdoor discovered that targets medical research firms ***
---------------------------------------------
More secure than PC? Ha! Security researchers at Malwarebytes have discovered a Mac backdoor using antiquated code that targets biomedical research facilities.…
---------------------------------------------
ww.theregister.co.uk/2017/01/18/mac_malware/
*** Uncovering the Inner Workings of EyePyramid ***
---------------------------------------------
Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-inner…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 16-01-2017 18:00 − Tuesday 17-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Who's winning the cyber war? The squirrels, of course ***
---------------------------------------------
CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" can.
---------------------------------------------
http://arstechnica.com/information-technology/2017/01/whos-winning-the-cybe…
*** Dodgy Dutch developer built backdoors into thousands of sites ***
---------------------------------------------
Then hoovered out users' personal data, stole identities galore and spent up big Dutch police are this week warning 20,000 users that their email accounts were hacked after ..
---------------------------------------------
www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_b…
*** [2017-01-17] Cross site scripting in TYPO3 CMS extension "Recommend page" ***
---------------------------------------------
The "Recommend page" extension (pb_recommend_page) for the TYPO3 CMS does not sanitize input properly. Hence an attacker can inject malicious HTML/JavaScript content which can cause harm to the users.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** Extortion is (still) in! ***
---------------------------------------------
The new year will surely once again bring many technical innovations and (potentially unspeakable) trends. One thing unfortunately remains unchanged: extortion is in. Besides DDoS threats and ransomware in ..
---------------------------------------------
http://www.cert.at/services/blog/20170117104444-1861.html
*** CryptoSearch: Tool finds and collects files encrypted by ransomware for safekeeping ***
---------------------------------------------
When a ransomware trojan has taken data hostage, victims hope for a free decryption tool, but when and whether one will come at all is often unclear. Until then, a Windows tool collects and archives affected files.
---------------------------------------------
https://heise.de/-3597757
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
Security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to read a small part of ...
---------------------------------------------
https://support.citrix.com/article/CTX219378
*** Free-to-play: Forum of Clash of Clans operator hacked ***
---------------------------------------------
Once again a vBulletin forum has been hacked. Presumably 1.1 million users of Supercell forums are affected. The game maker distributes popular titles such as Clash of Clans and Clash Royale.
---------------------------------------------
http://www.golem.de/news/free2play-forum-von-clash-of-clans-betreiber-gehac…
*** The Line of Death ***
---------------------------------------------
When building applications that display untrusted content, security designers have a major problem: if an attacker has full control of a block of pixels, he can make those pixels look ..
---------------------------------------------
https://textslashplain.com/2017/01/14/the-line-of-death/
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 13-01-2017 18:00 − Monday 16-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Hardening Windows 10 with zero-day exploit mitigations ***
---------------------------------------------
Cyber attacks involving zero-day exploits happen from time to time, affecting different platforms and applications. Over the years, Microsoft security teams have been working extremely ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-wi…
*** WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs ***
---------------------------------------------
According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for ..
---------------------------------------------
http://securityaffairs.co/wordpress/55308/breaking-news/wordpress-4-7-1-rel…
*** DSA-3764 pdns - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3764
*** DSA-3763 pdns-recursor - security update ***
---------------------------------------------
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3763
*** Backup Files Are Good but Can Be Evil ***
---------------------------------------------
Since we started to work with computers, we always heard the following advice: Make backups! Every time you have to change something in a file or an application, first make a backup of the existing resources (code, configuration files, data). But, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21935
*** Compliance: Deutsche Bank bans Whatsapp and SMS from work phones ***
---------------------------------------------
Deutsche Bank employees will in future no longer be able to communicate with each other via Whatsapp or SMS. The apps are to be removed from employees' devices, because the authorities want it that way.
---------------------------------------------
http://www.golem.de/news/compliance-deutsche-bank-verbannt-whatsapp-und-sms…
*** DSA-3765 icoutils - security update ***
---------------------------------------------
Several programming errors in the wrestool tool of icoutils, a suite of tools to create and extract MS Windows icons and ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3765
*** Guessing game around NSA arms dealers "Shadow Brokers" ***
---------------------------------------------
Hacker group announced its withdrawal – rumors of links to Russia growing louder
---------------------------------------------
http://derstandard.at/2000050751646
*** Data theft at iPhone hackers Cellebrite ***
---------------------------------------------
The company that is said to have cracked the iPhone's encryption for the FBI has fallen victim to a data theft. 900 GB of data have been stolen.
---------------------------------------------
https://futurezone.at/digital-life/datendiebstahl-bei-den-iphone-hackern-ce…
*** Cyberattacks on German election campaign feared: defense center planned ***
---------------------------------------------
President of the Bundestag: "What is technically possible also happens"
---------------------------------------------
http://derstandard.at/2000050779644
*** Google reveals its servers all contain custom security silicon ***
---------------------------------------------
Even the servers it colocates (!) says new docu revealing Alphabet sub's security secrets Google has published an Infrastructure Security Design Overview that explains how it secures ..
---------------------------------------------
www.theregister.co.uk/2017/01/16/google_reveals_its_servers_all_contain_cus…
*** Blackberry DTEK60 in the (security) test: Secure, because it just is! ***
---------------------------------------------
Blackberry wants to square the circle: a secure Android smartphone. Unfortunately, the manufacturer provides little information and in places confuses users unnecessarily.
---------------------------------------------
http://www.golem.de/news/blackberry-60-im-sicherheits-test-sicher-weil-isso…
*** New Gmail phishing technique fools even tech-savvy users ***
---------------------------------------------
An effective new phishing attack is hitting Gmail users and tricking many into inputting their Gmail credentials into a fake login page. How the attack unfolds The phishers start by compromising a Gmail account, then they rifle through the emails ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/16/new-gmail-phishing-attack-fools-…
*** 35 years of the C64: The birth of the "crackers" and copiers ***
---------------------------------------------
In the 1980s it was comparatively hard to buy software at all in Austria
---------------------------------------------
http://derstandard.at/2000049895466
*** Cartapping: Cars have been digitally bugged for 15 years ***
---------------------------------------------
To monitor a car's location, a GPS bug no longer needs to be attached. In the USA this has apparently long been done with the help of intelligent navigation and on-board systems.
---------------------------------------------
http://www.golem.de/news/cartapping-autos-werden-seit-15-jahren-digital-ver…
*** We reverse engineered 16k apps, here’s what we found ***
---------------------------------------------
In Nov’16, we created an online tool to reverse engineer any android app to look for secrets. This tool was built because of an internal need — we were constantly required to reverse ..
---------------------------------------------
https://medium.com/@mkagenius/afdccb592b81
*** Mail server Dovecot: successful security audit ***
---------------------------------------------
The Berlin IT security company Cure53 rates the Dovecot mail server as largely secure. The Mozilla Foundation had commissioned this examination.
---------------------------------------------
https://heise.de/-3596977
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 12-01-2017 18:00 − Friday 13-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - January 2017 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
*** EMET 5.52 update is now available ***
---------------------------------------------
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: An issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1. A fix to the MSI installer to...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-…
*** Marlboro Ransomware Defeated in One Day ***
---------------------------------------------
A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated…
*** Attacks on VoIP gateways from beroNet, patch provides security ***
---------------------------------------------
Attackers discovered a vulnerability in the VoIP gateways of the Berlin manufacturer beroNet and have recently been exploiting it to drive up their victims' bills. A patch from the manufacturer plugs the security hole.
---------------------------------------------
https://heise.de/-3594737
*** November-December 2016 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201612
*** How banks protect themselves against cyberattacks ***
---------------------------------------------
Olaf Schwarz, Information Security Officer at the direct bank ING DiBa Austria, on cyberattacks on banks, ransomware and security training for employees.
---------------------------------------------
https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schue…
*** Who's Attacking Me?, (Fri, Jan 13th) ***
---------------------------------------------
I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. It's a network reconnaissance framework that includes: passive recon features (via flow analysis coming from Bro or Nfdump); fingerprinting analysis; active recon (via Nmap or Zmap); import tools (from Nmap or Masscan). I deployed this tool and feed it with...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21933&rss
*** MongoDB Hijackers Move on to ElasticSearch Servers ***
---------------------------------------------
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to…
*** Key exchange: Uproar over alleged Whatsapp backdoor ***
---------------------------------------------
Does Whatsapp have a backdoor? At least that is what a security researcher and the Guardian claim. In fact, there could also be a less spectacular explanation.
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsa…
*** Ploutus ATM Malware: Press F3 for Money ***
---------------------------------------------
Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3…
*** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware ***
---------------------------------------------
Cybersecurity experts obsessively repeat two types of advice: Use stronger passwords. Update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure...
---------------------------------------------
https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated…
*** DSA-3761 rabbitmq-server - security update ***
---------------------------------------------
It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to login to an existing user account without having to provide a password.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3761
*** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95412
*** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95417
*** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information ***
---------------------------------------------
A security vulnerability in DES/3DES block ciphers used in the TLS protocol could potentially impact HPE SiteScope resulting in remote disclosure of information, also known as the SWEET32 attack.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403
*** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95423
*** Security Advisory: BIND vulnerability CVE-2016-9147 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?…
*** Security Advisory: BIND vulnerability CVE-2016-9131 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?…
*** Security Advisory: BIND vulnerability CVE-2016-9444 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?…
*** PowerDNS Security Fixes ***
---------------------------------------------
PowerDNS Recursor 4.0.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.ht…
---------------------------------------------
PowerDNS Recursor 3.7.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.ht…
---------------------------------------------
PowerDNS Authoritative Server 4.0.2 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.ht…
---------------------------------------------
PowerDNS Authoritative Server 3.4.11 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.ht…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology ***
https://www.ibm.com/support/docview.wss?uid=swg21997084
---------------------------------------------
*** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool. (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21997055
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System. ***
http://www.ibm.com/support/docview.wss?uid=swg21994499
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. ***
http://www.ibm.com/support/docview.wss?uid=swg21997063
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996950
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996968
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997156
---------------------------------------------