Daily

daily@lists.cert.at

1 participants
3085 discussions

Tageszusammenfassung - Mittwoch 28-12-2016
by Daily end-of-shift report 28 Dec '16

28 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 27-12-2016 18:00 − Mittwoch 28-12-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Bugtraq: PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) *** --------------------------------------------- http://www.securityfocus.com/archive/1/539967 *** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-… *** Android Trojan Switcher Infects Routers via DNS Hijacking *** --------------------------------------------- A new Android Trojan, Switcher, uses victims devices to infect WiFi routers and funnel users of the network to malicious sites. --------------------------------------------- http://threatpost.com/android-trojan-switcher-infects-routers-via-dns-hijac… *** Security Advisory - Input Validation Vulnerability in Huawei VRP Platform *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161228-… *** 33C3: Bluetooth-Schlösser: Smart, aber nicht sicher *** --------------------------------------------- App statt Schlüssel: Immer mehr Hersteller bieten Schlösser mit Cloud-Anbindung an. Doch Lockpicker können die teuren Geräte ohne große Probleme knacken. --------------------------------------------- https://heise.de/-3582323 *** IT-Sicherheit im Jahr 2016: Der Nutzer ist nicht schuld *** --------------------------------------------- Geht es um IT-Sicherheitsprobleme, wird gern über die Nutzer geschimpft. Und auch wenn viele Nutzer tatsächlich Fehler machen, liegt die Verantwortung für Sicherheitslücken, Botnetze und mangelnden Datenschutz meist bei anderen. --------------------------------------------- http://www.golem.de/news/it-sicherheit-im-jahr-2016-der-nutzer-ist-nicht-sc… *** Bugtraq: [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage *** --------------------------------------------- http://www.securityfocus.com/archive/1/539968 *** Using Guzzle and PHPUnit for REST API Testing *** --------------------------------------------- APIs are increasingly becoming the backbone of the modern internet - whether youre ordering .. --------------------------------------------- https://blog.cloudflare.com/using-guzzle-and-phpunit-for-rest-api-testing/ *** Vuln: Multiple Samsung Devices OTP Service Remote Heap Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95134 *** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection (CVE-2016-6065) *** --------------------------------------------- IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. IBM Security Guardium Database Activity .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21995657 *** Hacker-Angriff auf OSZE in Wien: Daten gestohlen *** --------------------------------------------- Die OSZE mit Sitz in Wien wurde Anfang November Ziel einer Hackerattacke. Daten und die Integrität des Netzwerkes der OSZE waren gefährdet, sagte eine Sprecherin. --------------------------------------------- https://futurezone.at/netzpolitik/hacker-angriff-auf-osze-in-wien-daten-ges… *** Reverse Engineering: Sicherheitsforscher öffnen Threema-Blackbox *** --------------------------------------------- Zwei Sicherheitsforscher haben auf dem 33C3 einen genauen Blick in die innereien des Messengers Threema geworfen. Ihre Ergebnisse sind bei Github dokumentiert - und sollen sich für die Entwicklung von Bots eignen. --------------------------------------------- http://www.golem.de/news/reverse-engineering-sicherheitsforscher-oeffnen-th…

1 0

Tageszusammenfassung - Dienstag 27-12-2016
by Daily end-of-shift report 27 Dec '16

27 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 23-12-2016 18:00 − Dienstag 27-12-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** NetApp Snap Creator Framework Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037530 *** BMC Remedy Action Request System Password Reset Flaw Lets Remote Users Modify Passwords on the Target System *** --------------------------------------------- http://www.securitytracker.com/id/1037529 *** Netgear-Router N300 mit massiver Sicherheitslücke *** --------------------------------------------- Netgears Router N300 (Modell WNR2000) weist eine Schwachstelle auf, über die Angreifer Zugriff auf die Admin-Funktionen des Geräts erlangen können. Ein .. --------------------------------------------- http://derstandard.at/2000049819772 *** [local] - OpenSSH < 7.4 - UsePrivilegeSeparation Disabled Forwarded Unix Domain Sockets Privilege Escalation *** --------------------------------------------- This issue affects OpenSSH if privilege separation is disabled (config option UsePrivilegeSeparation=no). While privilege separation is enabled by default, it .. --------------------------------------------- https://www.exploit-db.com/exploits/40962/ *** ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers *** --------------------------------------------- Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/zyxel-and-netgear-fail-to-pa… *** DFN-CERT-2016-2141/">Exim: Zwei Schwachstellen ermöglichen das Ausspähen von Informationen und die Eskalation von Privilegien *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann sensitive Informationen ausspähen und möglicherweise weitere Angriffe ausführen, wenn Exim unter bestimmten Bedingungen kompiliert wurde und ausgeführt wird. Dazu muss .. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-2141/ *** 33C3: CCC-Kongress beginnt in Hamburg *** --------------------------------------------- Unter dem Motto "Works for me" hat der Kongress des Chaos Computer Clubs in Hamburg begonnen. Vier Tage lang beschäftigen sich die 12.000 Teilnehmer mit Hacks, Politik und alternativen Lebensentwürfen. --------------------------------------------- https://heise.de/-3582149 *** Vuln: PyCrypto cryptmsg.py Buffer Overflow Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/95122 *** IBM Security Bulletin: Vulnerabilities in Bind affect IBM SmartCloud Entry (CVE-2016-2776 CVE-2016-2848 ) *** --------------------------------------------- IBM SmartCloud Entry is vulnerable to bind vulnerabilities. Remote attackers could exploit the vulnerabilities to trigger an assertion failures and make named .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024649

1 0

Tageszusammenfassung - Samstag 24-12-2016
by Daily end-of-shift report 24 Dec '16

24 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 22-12-2016 18:00 − Freitag 23-12-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Litauen entdeckt russische Spionage-Software auf Regierungsrechnern *** --------------------------------------------- Schadsoftware wurde offenbar mittels infizierter USB-Sticks auf die Computer eingebracht --------------------------------------------- http://derstandard.at/2000049749836 *** So somebody is throwing HTML at your sshd. What to do? *** --------------------------------------------- Yes, its exactly as wrong as it sounds. Heres a distraction with bizarre twists for the true log file junkies among you. Happy reading for the holidays!As will probably not surprise .. --------------------------------------------- http://bsdly.blogspot.com/2016/12/so-somebody-is-throwing-html-at-your.html *** Cerber Ransomware Doesnt Delete Shadow Volume Copies Anymore, Prioritizes Office Docs *** --------------------------------------------- Recent versions of the Cerber ransomware are behaving somewhat different from older variants, with the ransomware .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/cerber-ransomware-doesnt-del… *** Before You Pay that Ransomware Demand… *** --------------------------------------------- A decade ago, if a desktop computer got infected with malware the chief symptom probably was an intrusive browser toolbar of some kind. Five years ago you were more likely to whacked .. --------------------------------------------- https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/ *** Steganalysis, the Counterpart of Steganography *** --------------------------------------------- In my last blog post I discussed the art of embedding secret messages in any file so that only the sender and the receiver .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Steganalysis,-the-Count… *** New Guide to Fixing Google Blacklist Warnings *** --------------------------------------------- One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that has been slapped with a .. --------------------------------------------- https://blog.sucuri.net/2016/12/guide-to-fix-site-warnings.html *** Fidelix FX-20 Series Controllers Path Traversal Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a path traversal vulnerability in Fidelix FX-20 series controllers. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01 *** WAGO Ethernet Web-based Management Authentication Bypass Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an authentication bypass vulnerability in WAGO’s Ethernet Web-based Management products. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02 *** Your password expiry policy may have reached its expiry date *** --------------------------------------------- In cyber security as much as anywhere else, its important to use the right tools for the job at hand. However, sometimes we can get a bit too attached to particular tools, .. --------------------------------------------- https://www.ncsc.gov.uk/blog-post/your-password-expiry-policy-may-have-reac… *** As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify *** --------------------------------------------- Bitcoin price surge reverberates through cybercriminal landscape, as cyber-criminals ramp up phishing attacks .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/as-bitcoin-price-surges-phis… *** Using Monitor Resolution as Obfuscation Technique *** --------------------------------------------- A quick blog post about a malicious VBScript macro that I analysed. Bad guys have always plenty of .. --------------------------------------------- https://blog.rootshell.be/2016/12/23/using-monitor-resolution-obfuscation-t… *** Keine Belege für geplante russische Cyberangriffe auf die Bundestagswahl *** --------------------------------------------- http://derstandard.at/2000049777463 *** Drastische Warnungen vor dem "Internet der Dildos" *** --------------------------------------------- Neue Gruppe will auf Gefahren durch smarte Sexspielzeuge aufmerksam machen --------------------------------------------- http://derstandard.at/2000049785388 *** Alle Jahre wieder: Netgear-Router N300 / WNR2000 angreifbar *** --------------------------------------------- Eine Zero-Day-Lücke plagt mal wieder Router von Netgear. Das verwundbare Modell ist in der Vergangenheit auch schon Opfer gravierender Lücken geworden. --------------------------------------------- https://heise.de/-3581275 *** Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware *** --------------------------------------------- A new in-development variant of the Koolova Ransomware has been discovered that will decrypt your .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-… Aufgrund des Feiertages am Montag, den 26.12.2016, erscheint der nächste End-of-Shift-Report erst am Dienstag, den 27.12.2016

1 0

Tageszusammenfassung - Donnerstag 22-12-2016
by Daily end-of-shift report 22 Dec '16

22 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 21-12-2016 18:00 − Donnerstag 22-12-2016 18:00 Handler: Alexander Riepl Co-Handler: Stephan Richter *** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.2 *** --------------------------------------------- V1.2 (December21, 2016): The December 13, 2016, Security and Quality Rollups updates 3210137 and 3210138 contain a known issue that affects the .NET Framework 4.5.2 running on Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. The issue was also present in the November 15, 2016, Preview of Quality rollup updates that were superseded by the December 13, 2016 Rollup updates. The issue causes applications that connect to an instance of Microsoft SQL Server on the same computer to generate the following error message: “provider: Shared Memory Provider, error: 15 - Function not supported” For more information please refer to Knowledge Based Article 3214106 --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-DEC *** NIST Asks Public For Help With Quantum-Proof Cryptography *** --------------------------------------------- chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/_VC9qbMlmm8/nist-asks-publi… *** HTTPS-Zwang für Apps: Apple verlängert Deadline *** --------------------------------------------- Eigentlich sollten iPhone- und iPad-Apps ab Jahresende nicht mehr über ungesicherte HTTP-Verbindungen kommunizieren, nun hat Apple zusätzliche Zeit für die Umstellung eingeräumt. --------------------------------------------- https://heise.de/-3579891 *** vSphere Data Protection: VMware entfernt hart-codierten Root-Key *** --------------------------------------------- Angreifer sollen die Backup- und Recovery-Lösung für virtuelle Maschinen mit vergleichsweise wenig Aufwand übernehmen können. Sicherheitspatches stehen zum Download bereit. --------------------------------------------- https://heise.de/-3579872 *** Security Alert: Malicious Script Injections Spread Cerber Ransomware, Make Use of Nemucod Downloader *** --------------------------------------------- This ongoing ransomware campaign packs a big punch against its victims, aiming for a high success rate in terms of infected systems. Using a malware cocktail to drive infection rates The cybercriminals behind the campaign are compromising legitimate websites by injecting malicious scripts. The injects then redirect the victims' Internet traffic to a Cerber gateway... --------------------------------------------- https://heimdalsecurity.com/blog/security-alert-malicious-script-injections… *** Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units *** --------------------------------------------- In June CrowdStrike identified and attributed a series of targeted intrusions at the Democratic National Committee (DNC), and other political organizations that utilized a well known implant commonly called X-Agent. X-Agent is a cross platform remote access toolkit, variants have been identified for various Windows operating systems, Apple's iOS, and likely the MacOS. Also known as Sofacy, X-Agent has been tracked by the security community for almost a decade, CrowdStrike associates the... --------------------------------------------- https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian… *** Writing Burp Extensions (Shodan Scanner) *** --------------------------------------------- In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, determine the IP address of domain and get specific information using Shodan API. I have divided the article in the following hierarchy so that you can... --------------------------------------------- http://resources.infosecinstitute.com/writing-burp-extensions-shodan-scanne…

1 0

Tageszusammenfassung - Mittwoch 21-12-2016
by Daily end-of-shift report 21 Dec '16

21 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 20-12-2016 18:00 − Mittwoch 21-12-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** PrestaShop Attack Steals Login Credentials *** --------------------------------------------- Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse resources or gain SEO power, and in others they are seeking access to sensitive data, also known as data exfiltration. The .. --------------------------------------------- https://blog.sucuri.net/2016/12/prestashop-attack-steals-login-credentials.… *** Data Center Physical Security *** --------------------------------------------- A data center is the epicenter of any online infrastructure. A data center’s size can vary widely, depending on an organization’s needs. Broadly speaking, a .. --------------------------------------------- http://resources.infosecinstitute.com/data-center-physical-security/ *** DSA-3741 tor - security update *** --------------------------------------------- It was discovered that Tor, a connection-based low-latency anonymouscommunication system, .. --------------------------------------------- https://www.debian.org/security/2016/dsa-3741 *** Kaspersky updates RannohDecryptor to decrypt CryptXXXs Crypt, Cryp1, and Crypz Extensions *** --------------------------------------------- If you are a CryptXXX Ransomware victim who didnt pay the ransom and instead decided to store their encrypted files and ransom notes for future fixes then you .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/kaspersky-updates-rannohdecr… *** 33c3-Programm: Was vom Hacker-Kongress zu erwarten ist *** --------------------------------------------- Von 27. bis 30. Dezember findet in Hamburg zum 33. Mal das jährliche Hackertreffen des Chaos Computer Club (CCC) statt. Fahrplan und Wiki geben eine erste Programmübersicht. --------------------------------------------- https://futurezone.at/netzpolitik/33c3-programm-was-vom-hacker-kongress-zu-… *** Netgear-Sicherheitslücke: Updates für vier betroffene Router fertig *** --------------------------------------------- Für die Router R6250, R6400, R7000 und R8000 stehen ab sofort Firmware-Updates zur Verfügung. Die Installation der Updates wird dringend empfohlen. Für weitere sieben Router mit Sicherheitslücke steht bisher nur die Beta-Version zum Download bereit. --------------------------------------------- https://heise.de/-3578415 *** Antivirensoftware: Die Schlangenöl-Branche *** --------------------------------------------- Antivirenprogramme gelten Nutzern und Systemadministratoren als unverzichtbar. Doch viele IT-Sicherheitsexperten sind extrem skeptisch. Antivirensoftware ist oft selbst voller Sicherheitslücken - und hat sehr grundsätzliche Grenzen. --------------------------------------------- http://www.golem.de/news/antivirensoftware-die-schlangenoel-branche-1612-12… *** Panasonic Plays Down Security Bugs Found in Airplane In-Flight Entertainment Systems *** --------------------------------------------- Security firm IOActive published research yesterday detailing security flaws in .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/panasonic-plays-down-securit… *** How Skype fixes security vulnerabilities *** --------------------------------------------- This post describes my fruitless effort to convince Microsoft employees that their service is vulnerable, and the humiliation one has to go through should one’s account be blocked by a hacker. This is a story of ignorance, pain and despair. --------------------------------------------- https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/ *** Beliebte Passwörter: "Arschloch" unter den Top Ten *** --------------------------------------------- http://derstandard.at/2000049660283 *** Berlin-Anschlag: DDOS-Angriff auf Hinweisportal *** --------------------------------------------- http://derstandard.at/2000049672324 *** Linux/Rakos, the new Linux malware threatening devices and servers *** --------------------------------------------- A new Linux malware, dubbed Linux/Rakos is threatening devices and servers. The malware searches for victims via SSH scan. A new Linux malware, dubbed .. --------------------------------------------- http://securityaffairs.co/wordpress/54603/malware/linuxrakos-malware.html *** XSA-203 *** --------------------------------------------- http://xenbits.xen.org/xsa/advisory-203.html *** XSA-202 *** --------------------------------------------- http://xenbits.xen.org/xsa/advisory-202.html *** Auswertung: "Hallo" ist Deutschlands meistgenutztes Passwort *** --------------------------------------------- Eine Auswertung von Passwörtern aus frei zugänglichen Daten-Leaks hat ergeben, dass die meistgenutzten Passwörter in Deutschland alles andere als sicher sind. Nach "hallo" finden sich auch die Klassiker "passwort" und "passwort1" in der Liste. --------------------------------------------- http://www.golem.de/news/auswertung-hallo-ist-deutschlands-meistgenutztes-p… *** Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability *** --------------------------------------------- A vulnerability in the Docker Engine configuration of Cisco CloudCenterOrchestrator (CCO; formely CliQr) could allow an unauthenticated, remote .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…

1 0

Tageszusammenfassung - Dienstag 20-12-2016
by Daily end-of-shift report 20 Dec '16

20 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Montag 19-12-2016 18:00 − Dienstag 20-12-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a *** OpenSSH verabschiedet sich von SSHv1 *** --------------------------------------------- Die gerade veröffentlichte Version OpenSSH 7.4 entfernt die Unterstützung für das veraltete Protokoll SSHv1 auf Server-Seite. Im August soll es ganz beerdigt werden. Darüber hinaus gibt es auch ein paar Bug-Fixes. --------------------------------------------- https://heise.de/-3576071 *** Adobe Releases Flash Player 24 for Linux Four Years After the Last Major Update *** --------------------------------------------- Adobe released today Flash Player 24 for Linux, after previously abandoning the application without explanation in 2012. Flash Player for Linux is now on par with Windows and .. --------------------------------------------- https://www.bleepingcomputer.com/news/software/adobe-releases-flash-player-… *** ShadowBrokers Dump Came from Internal Code Repository, Insider *** --------------------------------------------- Researchers at Flashpoint said their analysis of the latest ShadowBrokers dump of NSA tools leads them to believe an insider with access to a code repository stole the data. --------------------------------------------- http://threatpost.com/shadowbrokers-dump-came-from-internal-code-repository… *** Raiding the Piggy Bank: Webshell Secrets Revealed *** --------------------------------------------- Introduction A recent investigation into credit card fraud that was enabled by a webshell revealed several .. --------------------------------------------- https://www.trustwave.com/Resources/SpiderLabs-Blog/Raiding-the-Piggy-Bank-… *** Unrestricted Backend Login Backdoor on OpenCart *** --------------------------------------------- >From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. We call them backdoors. Backdoors can be done in different ways, either by adding fake admin users to the site, or .. --------------------------------------------- https://blog.sucuri.net/2016/12/unrestricted-backend-login.html *** "How do you say Ground Hog Day in Ukrainian?" *** --------------------------------------------- http://ics.sans.org/blog/2016/12/20/how-do-you-say-ground-hog-day-in-ukrain… *** XSA-204 *** --------------------------------------------- http://xenbits.xen.org/xsa/advisory-204.html *** Ubuntu: Schwerer Fehler erlaubt Einschmuggeln von Schadcode *** --------------------------------------------- Crash-Reporter erwies sich als unbeabsichtigtes Einfallstor – Canonical bereinigt Bug mit Update --------------------------------------------- http://derstandard.at/2000049548961 *** Krypto-Messenger Signal in Ägypten blockiert *** --------------------------------------------- In Ägypten wird offenbar seit dem Wochenende Signal blockiert. Der Betreiber des Krypto-Messengers .. --------------------------------------------- https://heise.de/-3576578 *** Nagios Core ist angreifbar: Sicherheitslücken in Server-Überwachungssoftware *** --------------------------------------------- Nagios Core, eine Software zur Server-Überwachung, weist derzeit zwei kritische Sicherheitslücken auf. Angreifer können durch sie die absolute Systemkontrolle erhalten. Die aktuelle Version 4.2.4 schließt die Lücken. --------------------------------------------- https://heise.de/-3576359 *** Project Wycheproof: Krypto-Implementierung auf Sicherheit abklopfen *** --------------------------------------------- Von AES über ECDH bis RSA: Admins können mit Googles Project Wycheproof eine Sammlung von Tests auf ihre Server loslassen, um die Sicherheit der Konfiguration von Krpyto-Funktionen zu testen. --------------------------------------------- https://heise.de/-3576686 *** Ethereum Cryptocurrency Forum Suffers Data Breach *** --------------------------------------------- Administrators of the Ethereum Project have announced today a data breach that affected over 16,500 users of the platforms community forums. The breach took place .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ethereum-cryptocurrency-foru… *** Türkei blockiert wohl mit Deep Packet Inspection Zugang zu Tor *** --------------------------------------------- Türkische Provider blockieren offenbar seit dem Wochenende den direkten Zugang zum Anonymisierungsdienst Tor. Um die Verbindungsversuche zu identifizieren, kommt offenbar Deep Packet Inspection zum Einsatz. --------------------------------------------- https://heise.de/-3577109 *** Alice: A Lightweight, Compact, No-Nonsense ATM Malware *** --------------------------------------------- Trend Micro has discovered a new family of ATM malware called Alice, which is the most stripped down ATM malware family we have ever encountered. Unlike other .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweigh… *** Offizielles Forum der Krypto-Währung Ethereum gehackt *** --------------------------------------------- Unbekannte Angreifer haben Daten von rund 16.500 Nutzern abgezogen. Darunter finden sich auch Passwörter, die aber zum Großteil mit einem als sicher geltenden Verfahren geschützt sind. --------------------------------------------- https://heise.de/-3577111 *** Op-ed: Why I’m not giving up on PGP *** --------------------------------------------- http://arstechnica.com/information-technology/2016/12/signal-does-not-repla… *** Gefälschte card complete-Mail: Ihre Karte wurde gesperrt! *** --------------------------------------------- Kriminelle versenden eine gefälschte card complete-Nachricht. Darin behaupten sie, dass die Bank die Karte gesperrt habe. Kund/innen sollen sie deshalb .. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-card-complete-mail-i… *** VMSA-2016-0023 *** --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2016-0023.html *** Sicherheitslücke bei Routern: Netgear liefert erste finale Firmware-Updates *** --------------------------------------------- Nach der schwerwiegenden Sicherheitslücke stellt Netgear erste Updates zur Verfügung. Für sieben betroffene Router liegen weiterhin nur Beta-Versionen vor. --------------------------------------------- http://www.golem.de/news/sicherheitsluecke-bei-routern-netgear-liefert-erst… *** Report: $3-5M in Ad Fraud Daily from ‘Methbot’ *** --------------------------------------------- New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video .. --------------------------------------------- https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-meth…

1 0

Tageszusammenfassung - Montag 19-12-2016
by Daily end-of-shift report 19 Dec '16

19 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Freitag 16-12-2016 18:00 − Montag 19-12-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl *** Vuln: Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/94947 *** Blocking Powershell Connection via Windows Firewall. *** --------------------------------------------- In my last post, I mapped controls to stop a malicious doc calling out via Powershell. Im now going to cover how using the Windows firewall can stop the attack .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21829 *** The banker that encrypted files *** --------------------------------------------- Many mobile bankers can block a device in order to extort money from its user. But we have discovered a modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Faketoken that went even further – it can encrypt user data. In addition to that, this modification is attacking more than 2,000 financial apps around the world. --------------------------------------------- http://securelist.com/blog/research/76913/the-banker-that-encrypted-files/ *** IBM Security Bulletin: Code execution vulnerability in IBM MessageSight (CVE-2016-5983) *** --------------------------------------------- There is a potential code execution vulnerability in WebSphere Application Server Liberty Profile .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21995510 *** IBM Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server *** --------------------------------------------- The following security issues have been identified in WebSphere Application Server .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21995683 *** IBM Security Bulletin: Multiple vulnerabilities in IBM WebSphere affect IBM Control Center (CVE-2016-5983, CVE-2016-2923, CVE-2016-3092) *** --------------------------------------------- IBM WebSphere Application Server is shipped as a component of IBM Control Center. Multiple .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21995686 *** IBM Security Bulletin: Reflected XXS vulnerability in IBM Campaign (CVE-2016-0265) *** --------------------------------------------- Reflected cross-site scripting vulnerability affecting IBM Campaign has been addressed. CVE(s): CVE-2016-0265 .. --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21986033

1 0

Tageszusammenfassung - Freitag 16-12-2016
by Daily end-of-shift report 16 Dec '16

16 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 15-12-2016 18:00 − Freitag 16-12-2016 18:00 Handler: Stephan Richter Co-Handler: n/a *** My Yahoo Account Was Hacked! Now What? *** --------------------------------------------- Many readers are asking what they should be doing in response to Yahoos disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format. --------------------------------------------- https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/ *** 0-days hitting Fedora and Ubuntu open desktops to a world of hurt *** --------------------------------------------- If your desktop runs a mainstream release of Linux, chances are youre vulnerable. --------------------------------------------- http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-h… *** One, if by email, and two, if by EK: The Cerbers are coming!, (Fri, Dec 16th) *** --------------------------------------------- Introduction One, if by land, and two, if by sea is a phrase used by American poet Henry Wadsworth Longfellow in his poem Paul Reveres Ride first published in 1861. Longfellows poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns. Much like the British arriving by land or by sea, Cerber --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21823&rss *** Phishing: "Es gibt immer noch genügend Opfer" *** --------------------------------------------- Olaf Schwarz, Information Security Officer bei der Direktbank ING-DiBa Austria, über Phishing und andere Betrugsmethoden bei Bankgeschäften im Internet. --------------------------------------------- https://futurezone.at/digital-life/phishing-es-gibt-immer-noch-genuegend-op… *** Hackerangriff auf Thyssenkrupp: Winnti spioniert deutsche Wirtschaft aus *** --------------------------------------------- Der Angriff auf Thyssenkrupp soll auf das Konto der Hackergruppe Winnti gehen, die früher Gaming-Plattformen attackiert hat. Weitere deutsche Firmen sollen betroffen sein. --------------------------------------------- http://www.golem.de/news/hackerangriff-auf-thyssenkrupp-winnti-spioniert-de… *** Microsoft to ditch Flash - sort of *** --------------------------------------------- Edge is getting more granular Flash controls, but that means you wont have to have it on for all sites just so its on for one. --------------------------------------------- https://nakedsecurity.sophos.com/2016/12/16/microsoft-to-ditch-flash-sort-o… *** Mac-Passwort lässt sich über Thunderbolt auslesen *** --------------------------------------------- Mit Hardware von der Stange kann ein Angreifer in rund 30 Sekunden das im Klartext vorliegende Passwort abgreifen und so Apples Festplattenverschlüsselung FileVault überwinden. --------------------------------------------- https://heise.de/-3573385 *** Linux-Sicherheit: Ubuntu-Bug ermöglicht das Ausführen von Schadcode *** --------------------------------------------- Ein schwerer Fehler in Ubuntus Crash-Handler Apport ermöglicht es Angreifern, auf einem Zielrechner beliebigen Code aus der Ferne auszuführen. --------------------------------------------- http://www.golem.de/news/linux-sicherheit-ubuntu-bug-ermoeglicht-das-ausfue… *** Smart Airports: How to protect airport passengers from cyber disruptions *** --------------------------------------------- ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/smart-airports-how-to-protect-a… *** Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161216-… *** SSA-856492 (Last Update 2016-12-16): Limited Entropy in PRNG of Desigo PX Web Modules *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492… *** Bugtraq: [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/archive/1/539934 *** DFN-CERT-2016-2081: Red Hat JBoss Core Services: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes *** --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-2081/ *** Security Advisory: TMM vulnerability CVE-2016-9247 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/33/sol33500120.html?… *** Security Advisory: BIG-IP TMM iRules vulnerability CVE-2016-5024 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/92/sol92859602.html?… *** Sentinel 8.0.0 P1 (Sentinel 8.0.0.1) Build 3404 *** --------------------------------------------- Abstract: Sentinel 8.0.0. upgrade patch for Sentinel 7 and 8Document ID: 5264730Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz (65.02 MB)sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz.sha256 (117 bytes)sentinel_server-8.0.0.1-3404.x86_64.tar.gz (2.09 GB)sentinel_server-8.0.0.1-3404.x86_64.tar.gz.sha256 (109 bytes)Products:Sentinel 7SentinelSentinel 7.3Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4Sentinel 7.3.3Sentinel --------------------------------------------- https://download.novell.com/Download?buildid=3iJxPcG2H9M~ *** Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01 *** OmniMetrix OmniView Vulnerabilities *** --------------------------------------------- This advisory contains mitigation details for vulnerabilities in OmniMetrix's OmniView web application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02 *** Mutiple SONY Videoconference Systems do not properly perform authentication *** --------------------------------------------- Mutiple SONY Videoconference Systems do not properly perform authentication. --------------------------------------------- http://jvn.jp/en/jp/JVN42070907/ *** ZDI-16-670: Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability *** --------------------------------------------- This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-16-670/ *** ZDI: Autodesk Design Review Remote Code Execution Vulnerabilities *** --------------------------------------------- *** ZDI-16-669: Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-669/ --------------------------------------------- *** ZDI-16-668: Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-668/ --------------------------------------------- *** ZDI-16-667: Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-667/ --------------------------------------------- *** ZDI-16-666: Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-666/ --------------------------------------------- *** ZDI-16-665: Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-665/ --------------------------------------------- *** ZDI-16-664: Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability *** http://www.zerodayinitiative.com/advisories/ZDI-16-664/ --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM StoredIQ (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180) *** http://www-01.ibm.com/support/docview.wss?uid=swg21994870 --------------------------------------------- *** IBM Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183) *** http://www.ibm.com/support/docview.wss?uid=swg21995057 --------------------------------------------- *** IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix *** http://www-01.ibm.com/support/docview.wss?uid=swg21993842 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597) *** http://www.ibm.com/support/docview.wss?uid=swg21990635 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024669 ---------------------------------------------

1 0

Tageszusammenfassung - Donnerstag 15-12-2016
by Daily end-of-shift report 15 Dec '16

15 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 14-12-2016 18:00 − Donnerstag 15-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** No More Ransom Project Expands with 34 New Partners, 32 New Free Decryption Tools *** --------------------------------------------- The "No More Ransom" project, set up in July by Intel Security, Kaspersky Lab, Europol, and the Dutch National police to help victims of ransomware infections, has expanded today with 34 new partners, and 32 new decryptors that can help ransomware victims unlock their files for free. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/no-more-ransom-project-expan… *** Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe *** --------------------------------------------- Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-p… *** Yahoo muss erneut Massenhack beichten: Eine Milliarde Opfer *** --------------------------------------------- Im September hatte Yahoo einen Hack von über einer halben Milliarde Nutzerkonten bekanntgegeben. Den Rekord hat Yahoo nun gebrochen. Diesmal geht es um über eine Milliarde Konten. Dazu kommen gezielte Attacken mittels Cookies. --------------------------------------------- https://heise.de/-3570674 *** Mobile Ransomware: How to Protect Against It *** --------------------------------------------- In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, well discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other researchers, we hope to improve the industrys collective knowledge on mobile ransomware mitigation. --------------------------------------------- http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XaGWjnUqHoY/ *** DefCamp Romania 2016 Videos and Slides *** --------------------------------------------- November 10-11, 2016, Bucharest, Romania --------------------------------------------- https://def.camp/archives/2016/ *** The Kings in Your Castle, Pt #5 *** --------------------------------------------- The last part in the article series about analyzing modern APTs deals with naming and attribution of APTs. This is far less trivial than it sounds. Analysts are often facing the same enemy all over again without realizing it. --------------------------------------------- https://blog.gdatasoftware.com/2016/12/29379-the-kings-in-your-castle-pt-5 *** Sicherheitslücken: Updates auch für ältere macOS-Versionen *** --------------------------------------------- Neben den in macOS Sierra und dem Browser Safari gestopften Schwachstellen hat Apple auch Sicherheits-Updates für OS X El Capitan und Yosemite veröffentlicht. Diese beheben eine kritische Schwachstelle. --------------------------------------------- https://heise.de/-3572108 *** Ask Sucuri: How to Stop Brute Force Attacks? *** --------------------------------------------- Again, there is no mystery to this: Enforce a strong password for all the users and a brute force attack will not succeed. The underlying problem, however, is a bit more complicated --------------------------------------------- https://blog.sucuri.net/2016/12/ask-sucuri-how-to-stop-brute-force-attacks.… *** A Backdoor in Skype for Mac OS X *** --------------------------------------------- Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype... --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-… *** 5 Best Password Auditing Tools *** --------------------------------------------- A single weak password exposes your entire network to an external threat. Password hacking is one of the most critical and commonly exploited network security threats. In many ways, passwords should be viewed as your first line of defense where protecting your company's data is concerned. The huge number of data breaches occurs because someone... --------------------------------------------- http://resources.infosecinstitute.com/5-best-password-auditing-tools/ *** DFN-CERT-2016-2040: Netgear Router: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes mit Administratorrechten *** --------------------------------------------- Version 3 (2016-12-15 15:42) Der Hersteller aktualisiert den referenzierten Sicherheitshinweis und bestätigt auch die Verwundbarkeit von DSL-Modems mit den Modellnummern D6220 und D6400. Für alle verwundbaren WLAN- und DSL-Router stehen mittlerweile Firmwareupdates im Beta-Status als temporäre Lösung zur Verfügung. Netgear arbeitet weiter an einer Produktionsversion der Firmware für alle betroffenen Geräte. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2016-2040/ *** Remote shell execution vulnerability affects Good Enterprise Mobility Server (BSRT-2016-008) *** --------------------------------------------- This advisory addresses a remote shell execution vulnerability that has been discovered in Good Enterprise Mobility Server (GEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited by the requirement that a potential attacker possess access to the internal network and by the functionality of the Karaf command shell. --------------------------------------------- http://support.blackberry.com/kb/articleDetail?articleNumber=000038814 *** Bugtraq: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] *** --------------------------------------------- http://www.securityfocus.com/archive/1/539925 *** F5 Security Advisory: Kerberos vulnerability CVE-2014-4343 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15553.htm… *** Sentinel 7.4 SP4 (Sentinel 7.4.4.0) Build 2904 *** --------------------------------------------- Abstract: Sentinel 7.4.3 upgrade for Sentinel 7.4Document ID: 5264470Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.4.4.0-2904.x86_64.tar.gz (1.74 GB)sentinel_server-7.4.4.0-2904.x86_64.tar.gz.sha256 (109 bytes)Products:SentinelSentinel 7.4.4Sentinel 7.XSentinel 7.2Sentinel 7.4Sentinel 7.3Sentinel 7.2.1Sentinel 7.2.2Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4.1Sentinel 7.4.2Sentinel 7.3.3Sentinel 7.4.3Sentinel 7.3.4Superceded Patches:Sentinel 7.4 SP3 --------------------------------------------- https://download.novell.com/Download?buildid=RaGN-vIdupQ~ *** Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161215-… *** SAP *** --------------------------------------------- *** Vuln: SAP Mobile Defense & Security Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/94902 --------------------------------------------- *** Vuln: SAP HANA Cockpit Cross Site Scripting Vulnerability *** http://www.securityfocus.com/bid/94897 --------------------------------------------- *** Vuln: SAP HANA Remote Authorization Bypass Vulnerability *** http://www.securityfocus.com/bid/94898 --------------------------------------------- *** Vuln: SAP HANA XS Classic Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94896 --------------------------------------------- *** Vuln: SAP HANA Cockpit Information Disclosure Vulnerability *** http://www.securityfocus.com/bid/94910 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances allow web pages to be stored locally (CVE-2016-3024) *** http://www.ibm.com/support/docview.wss?uid=swg21995340 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021) *** http://www.ibm.com/support/docview.wss?uid=swg21995436 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3023) *** http://www.ibm.com/support/docview.wss?uid=swg21995348 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to incorrect permission assignment (CVE-2016-3022) *** http://www.ibm.com/support/docview.wss?uid=swg21995360 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by cross-site scripting vulnerabilities (CVE-2016-3018) *** http://www.ibm.com/support/docview.wss?uid=swg21995347 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to misconfiguration (CVE-2016-3017) *** http://www.ibm.com/support/docview.wss?uid=swg21995519 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability related to code integrity checking (CVE-2016-3016) *** http://www.ibm.com/support/docview.wss?uid=swg21995518 --------------------------------------------- *** IBM Security Bulletin: IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182) *** http://www-01.ibm.com/support/docview.wss?uid=swg21988182 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) *** http://www-01.ibm.com/support/docview.wss?uid=swg21989337 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3627) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991909 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995989 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in OpenSSLaffect IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms ( CVE-2016-2183 ) *** http://www.ibm.com/support/docview.wss?uid=swg21995922 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-6316, CVE-2016-6317 *** http://www-01.ibm.com/support/docview.wss?uid=swg21991913 --------------------------------------------- *** IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033) *** http://www.ibm.com/support/docview.wss?uid=swg21995545 --------------------------------------------- *** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991682 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-3485, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991910 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046) *** http://www.ibm.com/support/docview.wss?uid=swg21995527 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045) *** http://www.ibm.com/support/docview.wss?uid=swg21995435 --------------------------------------------- *** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3043) *** http://www.ibm.com/support/docview.wss?uid=swg21995446 --------------------------------------------- *** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4483) *** http://www-01.ibm.com/support/docview.wss?uid=swg21991911 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 14-12-2016
by Daily end-of-shift report 14 Dec '16

14 Dec '16

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 13-12-2016 18:00 − Mittwoch 14-12-2016 18:00 Handler: Robert Waldner Co-Handler: Stephan Richter *** Facebook helps companies detect rogue SSL certificates for domains *** --------------------------------------------- Facebook has launched a tool that allows domain name owners to discover TLS/SSL certificates that were issued without their knowledge.The tool uses data collected from the many Certificate Transparency logs that are publicly accessible. Certificate Transparency (CT) is a new open standard requiring certificate authorities to disclose the certificate that they issue.Until a few years ago, there was no way of tracking the certificates issued by every certificate authority (CA). At best,... --------------------------------------------- http://www.cio.com/article/3149737/security/facebook-helps-companies-detect… *** MS16-DEC - Microsoft Security Bulletin Summary for December 2016 - Version: 1.0 *** --------------------------------------------- This bulletin summary lists security bulletins released for December 2016. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. --------------------------------------------- https://technet.microsoft.com/en-us/library/security/MS16-DEC *** Patchday: Kritische Lücken in Edge, Windows & Co. *** --------------------------------------------- Microsoft veröffentlicht im Dezember insgesamt zwölf Sicherheitsupdates. Im schlimmsten Fall können Angreifer Computer von Opfern durch den bloßen Aufruf einer manipulierten Webseite kapern. --------------------------------------------- https://heise.de/-3569916 *** MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking *** --------------------------------------------- In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you're browsing the internet. It modifies search results pages so that you see unsolicited ads related to your... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2016/12/13/msrt-december-2016-addr… *** "Statistisch gesehen": Verschlüsselungstrojaner - ein Millionengeschäft *** --------------------------------------------- Petya, Goldeneye - diese und andere Erpressungstrojaner haben weltweit viele Nutzer zur Kasse gebeten. Die Zahlungsmoral hängt nicht zuletzt von Empfehlungen der Behörden ab. Wie viel bisher wo gezahlt wurde, zeigt ein neues... --------------------------------------------- https://heise.de/-3569888 *** Malvertising Campaign Infects Your Router Instead of Your Browser *** --------------------------------------------- Malicious ads are serving exploit code to infect routers, instead of browsers, in order to insert ads in every site users are visiting. Discovered by security researchers from US security firm Proofpoint, this malvertising campaign is powered by a new exploit kit called DNSChanger EK. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/malvertising-campaign-infect… *** Modbus Stager: Using PLCs as a payload/shellcode distribution system *** --------------------------------------------- This weekend I have been playing around with Modbus and I have developed a stager in assembly to retrieve a payload from the holding registers of a PLC. Since there are tons of PLCs exposed to the Internet, I thought whether it would be possible to take advantage of the processing and memory provided by them to store certain payload so that it can be recovered later (from the stager). --------------------------------------------- http://www.shelliscoming.com/2016/12/modbus-stager-using-plcs-as.html *** UAC Bypass in JScript Dropper *** --------------------------------------------- What makes this sample different? After the classic execution of the PE files, it tries to bypass the Windows UAC using a "feature" present in eventvwr.exe. This system tool runs as a high integrity process and uses HKCU / HKCR registry hives to start mmc.exe which opens finally eventvwr.msc. --------------------------------------------- https://isc.sans.edu/diary/UAC+Bypass+in+JScript+Dropper/21813 *** Sophos schließt Dirty-Cow-Lücke in Sicherheitspaket UTM *** --------------------------------------------- Die Unified-Thread-Management-Lüsung von Sophos bekommt Sicherheitsupdates, die mehrere Schwachstellen schließen. --------------------------------------------- https://heise.de/-3570179 *** Electronic Safe Lock Analysis: Part 2 *** --------------------------------------------- After performing an initial tear-down, we were able to map out the device's behaviors and attack surface. We then narrowed our efforts on analyzing the device's BLE wireless communication. The Prologic B01's main feature is that it can be unlocked by a mobile Android or iOS device over BLE. The end result was a fully-automated attack that allows us to remotely compromise any Prologic B01 lock up to 100 yards away. --------------------------------------------- http://www.somersetrecon.com/blog/2016/10/14/electronic-safe-lock-analysis-… *** Microsoft Fixes Windows 10 Issue That Knocked People off the Internet *** --------------------------------------------- Microsft has released KB3206632, a Windows update that fixes an issue introduced in an earlier update that crashed the CDPSVC service and prevented some users from receiving IP address information via the DCHP protocol, used by both home and enterprise-grade routers to connect users to the Internet. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-… *** Xen Security Advisory 200 (CVE-2016-9932) - x86 CMPXCHG8B emulation fails to ignore operand size override *** --------------------------------------------- Impact: A malicious unprivileged guest may be able to obtain sensitive information from the host. --------------------------------------------- http://seclists.org/oss-sec/2016/q4/662 *** PHP: imagefilltoborder stackoverflow on truecolor images (CVE 2016-9933) *** --------------------------------------------- Invalid color causes stack exhaustion by recursive call to function gdImageFillToBorder when the image used is truecolor. This was tested on a 64 bits platform. --------------------------------------------- https://bugs.php.net/bug.php?id=72696 *** Joomla! Security Announcements *** --------------------------------------------- *** [20161203] - Core - Information Disclosure *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/EY3UcBwQtzI/666-20161203-c… --------------------------------------------- *** [20161202] - Core - Shell Upload *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/fI7Ty93n-Rk/665-20161202-c… --------------------------------------------- *** [20161201] - Core - Elevated Privileges *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/OjvlaBoXTCU/664-20161201-c… --------------------------------------------- *** [20161204] - Misc. Security Hardening *** http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/jYB3ItEGbWQ/667-20161204-m… --------------------------------------------- *** Novell Patches *** --------------------------------------------- *** Filr 2.0 - Security Update 3 *** https://download.novell.com/Download?buildid=Am-_TGOll0g~ --------------------------------------------- *** Filr 3.0 - Security Update 1 *** https://download.novell.com/Download?buildid=Qct0ao9jRAI~ --------------------------------------------- *** IDM 4.5 Delimited Text Driver 4.0.2.0 *** https://download.novell.com/Download?buildid=hX_xlukrkNY~ --------------------------------------------- *** Huawei Security Advisories *** --------------------------------------------- *** Security Advisory - Buffer Overflow Vulnerability in Wi-FI Driver of Huawei Smart Phone *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - DoS Vulnerability in Huawei Firewall *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - E-mail Information Leak Vulnerability in Android System *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** Security Advisory - Memory Leak Vulnerability in Some Huawei Products *** http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161214-… --------------------------------------------- *** ICS-CERT Advisories *** --------------------------------------------- *** Visonic PowerLink2 Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01 --------------------------------------------- *** Moxa DACenter Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02 --------------------------------------------- *** Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03 --------------------------------------------- *** Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-04 --------------------------------------------- *** Siemens S7-300/400 PLC Vulnerabilities *** https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05 --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect Content Collector for IBM Connections *** https://www-01.ibm.com/support/docview.wss?uid=swg21988356 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset analyzer. (CVE-2016-5597) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995883 --------------------------------------------- *** IBM Security Bulletin: Sweet32 Birthday attacks on 64-bit block ciphers in TLS affect Content Manager for z/OS (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21995455 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in BIND affects IBM Netezza Host Management *** http://www.ibm.com/support/docview.wss?uid=swg21994505 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009647 --------------------------------------------- *** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified. *** http://www.ibm.com/support/docview.wss?uid=ssg1S1009554 --------------------------------------------- *** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) *** http://www.ibm.com/support/docview.wss?uid=swg21995129 --------------------------------------------- *** IBM Security Bulletin: Password disclosure vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware vSphere GUI (CVE-2016-6034) *** http://www.ibm.com/support/docview.wss?uid=swg21995544 --------------------------------------------- *** IBM Security Bulletin: Potential Information Disclosure vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-5986 *** http://www.ibm.com/support/docview.wss?uid=swg21995745 --------------------------------------------- *** IBM Security Bulletin: Potential Information Disclosure in WebSphere Application Server *** http://www-01.ibm.com/support/docview.wss?uid=swg21991469 --------------------------------------------- *** IBM Security Bulletin: Multiple Vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center (CVE-2016-8941, CVE-2016-8942, CVE-2016-8943) *** http://www.ibm.com/support/docview.wss?uid=swg21995128 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily