=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 04-04-2017 18:00 − Wednesday 05-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** WordPress Security - Unwanted Redirects via Infected JavaScript Files ***
---------------------------------------------
We've been watching a specific WordPress infection for several months and would like to share details about it. The attack injects malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a bug in the injector code, it also infects files whose extensions contain ".js" (such as .js.php or .json).
---------------------------------------------
https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-i…
*** Encryption inside Utility Industrial Control Systems (ICS) communication protocols: a must to preserve the confidentiality of information and reliability of the industrial process, (Tue, Apr 4th) ***
---------------------------------------------
Industrial control systems are sensitive systems that must make decisions in real time to ensure the operation of the industrial process they govern. Latency and reliability in packet transmission are fundamental: the protocols are connection-oriented, but because speed is the main goal, many of them include no error recovery schemes other than those of the TCP/IP stack. Where is it possible to use encryption without affecting the operation of the industrial control...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22260&rss
*** Schneider Electric still shipping passwords in firmware ***
---------------------------------------------
You'd think a vendor of critical infrastructure would at least pretend to care about security. That "don't use hard-coded passwords" infosec rule? Someone needs to use a needle to write it on the corner of Schneider Electric's developers' eyes so they don't forget it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/04/05/schneider_i…
*** Internet platform supports victims of digital extortion ***
---------------------------------------------
For victims of digital extortion it is particularly important to restore their files quickly and easily. At www.nomoreransom.org various decryption tools can now also be accessed in German.
---------------------------------------------
http://www.bmi.gv.at/cms/bmi/_news/bmi.aspx?id=537A58584930536354666F3D&pag…
*** US$500,000 ransom: ransomware gangs take aim at companies ***
---------------------------------------------
Security researchers have identified at least eight groups that specialise in ransomware attacks on companies. The ransom rises with the number of infected PCs and servers. Sums of up to US$500,000 are involved.
---------------------------------------------
https://heise.de/-3675612
*** Whitelists: The Holy Grail of Attackers, (Wed, Apr 5th) ***
---------------------------------------------
As a defender, take the time to put yourself in the place of a bad guy for a few minutes. You're writing some malicious code and you need to download payloads from the Internet or hide your code on a website. Once your malicious code has spread in the wild, it will quickly be captured by honeypots, IDS, ... (name your best tool) and analysed automatically or manually by the good guys. The goal of this is to extract a behavioural analysis of the code and generate indicators (IOCs) which will help to...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22262&rss
*** Broadcom security vulnerability: attack via the Wi-Fi chip ***
---------------------------------------------
Google's Project Zero shows how a smartphone can be taken over via Wi-Fi. Today's Wi-Fi chips have their own operating systems, which however lack all modern security mechanisms.
---------------------------------------------
https://www.golem.de/news/broadcom-sicherheitsluecke-angriff-ueber-den-wlan…
*** Report: 30% of malware is zero-day, missed by legacy antivirus ***
---------------------------------------------
At least 30 percent of malware today is new, zero-day malware that is missed by traditional antivirus defenses, according to a new report. "We're gathering threat data from hundreds of thousands of customers and network security appliances," said Corey Nachreiner, CTO at WatchGuard Technologies. "We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed...
---------------------------------------------
http://www.cio.com/article/3187734/network-security/report-30-of-malware-is…
*** Changes coming to TLS: Part Two ***
---------------------------------------------
In the first part of this two-part blog we covered certain performance improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption. In this part we shall discuss some security and privacy improvements. Remove obsolete and insecure cryptographic primitives. Remove RSA handshakes: when RSA is used for key establishment there is no forward secrecy, which basically means that an adversary can record the encrypted conversation between the client and the server and later if it is...
---------------------------------------------
https://access.redhat.com/blogs/766093/posts/2978671
*** Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE ***
---------------------------------------------
[...] Then, if the IE is present, its contents are copied into a heap-allocated buffer of length 256. The copy is performed using the length field present in the IE, and at a fixed offset from the buffer's start address. Since the length of the FTIE is not verified prior to the copy, this allows an attacker to include a large FTIE (e.g., with a length field of 255), causing the memcpy to overflow the heap-allocated buffer.
---------------------------------------------
https://bugs.chromium.org/p/project-zero/issues/detail?id=1046
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security issues have been identified within Citrix XenServer. The most significant of these issues could, if exploited, allow a malicious administrator of a 64-bit PV guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX222565
*** Django Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038177
*** HPE Business Process Monitor Unspecified Flaw Lets Remote Users Access Data on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038176
*** Asterisk Buffer Overflow in Processing CDR User Data Lets Remote Authenticated Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1038175
*** Security Advisory - Multiple Buffer Overflow Vulnerabilities in Bastet of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-…
*** Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170405-…
*** Schneider Electric Interactive Graphical SCADA System Software ***
---------------------------------------------
This advisory contains mitigation details for a DLL hijacking vulnerability in Schneider Electric's Interactive Graphical SCADA System Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01
*** Marel Food Processing Systems ***
---------------------------------------------
This advisory contains mitigation details for hard-coded passwords and unrestricted upload vulnerabilities in Marel's Food Processing Systems.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-02
*** Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratix ***
---------------------------------------------
This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automation's Allen-Bradley Stratix and ArmorStratix Industrial Ethernet and Distribution switches.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-03
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Opportunity Detect (CVE-2017-5638) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001388
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerability (CVE-2017-3302) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999203
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999202
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Database Activity Monitor ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999580
---------------------------------------------
*** Fortinet PSIRT Advisories ***
---------------------------------------------
*** FortiClient SSLVPN Linux - Root privilege escalation with subproc ***
http://fortiguard.com/psirt/FG-IR-16-041
---------------------------------------------
*** FortiClient SSLVPN Linux - Arbitrary write to log file ***
http://fortiguard.com/psirt/FG-IR-16-069
---------------------------------------------
*** Multiple vulnerabilities in Linux kernels through 4.6.3 ***
http://fortiguard.com/psirt/FG-IR-16-052
---------------------------------------------
*** Unauthenticated XSS (Cross Site Scripting) in FortiMail ***
http://fortiguard.com/psirt/FG-IR-17-011
---------------------------------------------
*** Linux kernel - challenge ack information leak ***
http://fortiguard.com/psirt/FG-IR-16-047
---------------------------------------------
*** F5 Security Advisories ***
---------------------------------------------
*** BIG-IP file validation vulnerability CVE-2015-8022 ***
https://support.f5.com/csp/article/K12401251
---------------------------------------------
*** OpenSSL vulnerability CVE-2015-3195 ***
https://support.f5.com/csp/article/K12824341
---------------------------------------------
*** OpenSSH vulnerability CVE-2016-6210 ***
https://support.f5.com/csp/article/K14845276
---------------------------------------------
*** Expat XML library vulnerability CVE-2015-1283 ***
https://support.f5.com/csp/article/K15104541
---------------------------------------------
*** glibc vulnerability CVE-2016-3075 ***
https://support.f5.com/csp/article/K15439022
---------------------------------------------
*** libxml2 vulnerability CVE-2016-1834 ***
https://support.f5.com/csp/article/K16712298
---------------------------------------------
*** glibc vulnerability CVE-2016-4429 ***
https://support.f5.com/csp/article/K17075474
---------------------------------------------
*** TMM vulnerability CVE-2016-5023 ***
https://support.f5.com/csp/article/K19784568
---------------------------------------------
*** Linux kernel vulnerability CVE-2013-7446 ***
https://support.f5.com/csp/article/K20022580
---------------------------------------------
*** OpenSSH vulnerability CVE-2015-8325 ***
https://support.f5.com/csp/article/K20911042
---------------------------------------------
*** NTP vulnerability CVE-2015-7976 ***
https://support.f5.com/csp/article/K21230183
---------------------------------------------
*** Linux kernel vulnerability CVE-2011-5321 ***
https://support.f5.com/csp/article/K21632201
---------------------------------------------
*** TMM vulnerability CVE-2016-9245 ***
https://support.f5.com/csp/article/K22216037
---------------------------------------------
*** glibc vulnerability CVE-2015-8776 ***
https://support.f5.com/csp/article/K23946311
---------------------------------------------
*** OpenSSL vulnerability CVE-2016-0800 ***
https://support.f5.com/csp/article/K23196136
---------------------------------------------
*** libarchive vulnerability CVE-2016-5844 ***
https://support.f5.com/csp/article/K24036027
---------------------------------------------
*** ISC DHCP vulnerability CVE-2016-2774 ***
https://support.f5.com/csp/article/K30409575
---------------------------------------------
*** Java commons-collections library vulnerability CVE-2015-4852 ***
https://support.f5.com/csp/article/K30518307
---------------------------------------------
*** PHP vulnerability CVE-2016-4070 ***
https://support.f5.com/csp/article/K42065024
---------------------------------------------
*** NTP vulnerability CVE-2016-2519 ***
https://support.f5.com/csp/article/K41613034
---------------------------------------------
*** GnuPG vulnerability CVE-2013-4402 ***
https://support.f5.com/csp/article/K40131068
---------------------------------------------
*** libarchive vulnerability CVE-2016-8688 ***
https://support.f5.com/csp/article/K35263486
---------------------------------------------
*** PHP vulnerability CVE-2016-3074 ***
https://support.f5.com/csp/article/K34958244
---------------------------------------------
*** OpenSSL vulnerability CVE-2016-7056 ***
https://support.f5.com/csp/article/K32743437
---------------------------------------------
*** OpenSSH vulnerability CVE-2016-10009 ***
https://support.f5.com/csp/article/K31440025
---------------------------------------------
*** BIG-IP APM access logs vulnerability CVE-2016-1497 ***
https://support.f5.com/csp/article/K31925518
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 03-04-2017 18:00 − Tuesday 04-04-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Lazarus Under The Hood ***
---------------------------------------------
Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.
---------------------------------------------
http://securelist.com/blog/sas/77908/lazarus-under-the-hood/
*** APT10 - Operation Cloud Hopper ***
---------------------------------------------
Written by Adrian Nish and Tom Rowles. BACKGROUND: For many businesses the network now extends to suppliers who provide management of applications, cloud storage, helpdesk, and other functions. With the right integration and service levels Managed Service Providers (MSPs) can become a key enabler for businesses by allowing them to focus on their core mission while suppliers take care of background tasks. However, the network connectivity which exists between MSPs and their customers also provides a...
---------------------------------------------
http://baesystemsai.blogspot.com/2017/04/apt10-operation-cloud-hopper_3.html
*** Wi-Fi vulnerability: Apple follows up with bugfix update for iOS 10.3 ***
---------------------------------------------
iOS 10.3.1 fixes a serious bug through which an attacker could execute code on the Wi-Fi chip. In addition, 32-bit versions can once again be installed directly on the device.
---------------------------------------------
https://heise.de/-3674340
*** NSO Group: Pegasus state trojan discovered for Android ***
---------------------------------------------
Following the iOS version of the Pegasus state trojan, security researchers have now also found a version for Android. It uses no zero-day exploits and can transmit data even without a complete infection.
---------------------------------------------
https://www.golem.de/news/nso-group-pegasus-staatstrojaner-fuer-android-ent…
*** Cloudmark unexpectedly announces DANE/TLSA for mail security ***
---------------------------------------------
The surprising move by the Internet heavyweight appears significant because it strengthens the mail security technique and can at the same time be read as a clear rejection of the certification authority concept.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Cloudmark-kuendigt-ueberraschend-DA…
*** Samsung's Tizen operating system riddled with security holes ***
---------------------------------------------
A security researcher has analysed the code of Samsung's Tizen and draws a disastrous conclusion. The operating system serves as the basis for the manufacturer's mobile devices and televisions.
---------------------------------------------
https://heise.de/-3674713
*** Kaspersky: ATMs emptied with a US$15 hobbyist computer ***
---------------------------------------------
In the end only a golf-ball-sized hole remains and the money is gone: Kaspersky has presented a new attack on ATMs. The attack combines physical damage and hacking. Widely used models from the 1990s are affected.
---------------------------------------------
https://www.golem.de/news/kaspersky-geldautomaten-mit-15-us-dollar-bastelco…
*** How Hackers Hijacked a Bank's Entire Online Operation ***
---------------------------------------------
Researchers at Kaspersky say a Brazilian bank's entire online footprint was commandeered in a five-hour heist.
---------------------------------------------
https://www.wired.com/2017/04/hackers-hijacked-banks-entire-online-operatio…
*** Workshop on Software Security in industrial area ***
---------------------------------------------
May 09, 2017, 4:00 pm - 6:30 pm, Bachmann electronic GmbH, Kreuzäckerweg 33, Feldkirch
---------------------------------------------
https://www.sba-research.org/events/workshop-on-software-security-in-indust…
*** CVE-2017-7228 - x86: broken check in memory_exchange() permits PV guest breakout ***
---------------------------------------------
A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-212.html
*** Bugtraq: The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540365
*** Bugtraq: OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540364
*** VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references ***
---------------------------------------------
Vulnerability Note VU#307983: AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references. Original Release date: 04 Apr 2017 | Last revised: 04 Apr 2017. Overview: Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description: Several Java implementations of AMF3 are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of Untrusted Data. Some Java...
---------------------------------------------
http://www.kb.cert.org/vuls/id/307983
*** DFN-CERT-2017-0569: Google Android Operating System: Multiple vulnerabilities allow, among other things, complete system takeover ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0569/
*** DFN-CERT-2017-0571: Red Hat JBoss A-MQ, JBoss Fuse: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0571/
*** Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection ***
---------------------------------------------
Topic: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Risk: High Text:# Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (t...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040006
*** D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery ***
---------------------------------------------
Topic: D-Link DIR 615 HW T1 FW 20.09 Cross-Site Request Forgery Risk: Medium Text:*Title:* = D-Link DIR 615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability *Credit...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017040008
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999999
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache ActiveMQ affects IBM Control Center (CVE-2016-6810) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001326
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view incorrect item sets that they should not have access to view (CVE-2016-8987) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996255
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in IBM WebSphere Application Server in Bluemix MQ JCA Resource adapter (CVE-2016-0360) ***
http://www.ibm.com/support/docview.wss?uid=swg22000834
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM) ***
http://wwwbeta-sso.toronto.ca.ibm.com:81/support/entry2/portal/docdisplay?l…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 31-03-2017 18:00 − Monday 03-04-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** EvilEye: malware hijacks webcam to personalise advertising ***
---------------------------------------------
Spyware dubbed "EvilEye" uses a hijacked webcam to look for products belonging to the computer user, in order to show them targeted personalised advertising and thereby ..
---------------------------------------------
https://heise.de/-3664941
*** Gigabyte Firmware Flaws Allow the Installation of UEFI Ransomware ***
---------------------------------------------
Yesterday, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gigabyte-firmware-flaws-allo…
*** Further vulnerability in LastPass closed, new version available ***
---------------------------------------------
LastPass has closed a security vulnerability found a few days ago in its extensions for various browsers. Users should update immediately.
---------------------------------------------
https://heise.de/-3672957
*** Vuln: Moodle CVE-2017-7298 Cross Site Scripting Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97182
*** Attack tool Metasploit now also hacks zombie IIS ***
---------------------------------------------
Around one percent of the world's web servers run a vulnerable version of Microsoft's Internet ..
---------------------------------------------
https://heise.de/-3673038
*** Miele Professional PG 8528 Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept ..
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-089-01
*** Smart TV hack: malicious code via DVB-T enables remote takeover ***
---------------------------------------------
A security expert succeeded in taking full control of a television by injecting code into the DVB-T signal that exploits a vulnerability in the device's HbbTV application.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Smart-TV-Hack-Schadcode-ueber-DVB-T…
*** Tech support scams persist with increasingly crafty techniques ***
---------------------------------------------
Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/04/03/tech-support-scams-pers…
*** IBM Security Bulletin: Open Source Apache Poi Vulnerability in IBM eDiscovery Manager ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21992041
*** IBM Security Bulletin: Open Source Apache Tomcat, Commons FileUpload Vulnerabilities affect WebSphere App Server in IBM eDiscovery Manager ***
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21991962
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024915
*** IBM Security Bulletin: Persistent cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1140) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21999133
*** IBM Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1021837
*** IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1024825
*** Skype: malicious advertising distributes fake Flash update ***
---------------------------------------------
Users report having been served advertising banners in Skype which, when clicked, download a fake Flash update. This is malicious code.
---------------------------------------------
https://heise.de/-3674229
*** Cryptowars: clueless EU Commissioner talks about WhatsApp data ***
---------------------------------------------
EU Justice Commissioner Vera Jourová wants to make it easier for the police to gain access to data from Internet service providers ..
---------------------------------------------
https://www.golem.de/news/cryptowars-ahnungslose-eu-kommissarin-redet-ueber…
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 30-03-2017 18:00 − Friday 31-03-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22000768
*** IBM Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998887
*** Spotting a Hidden SEO Hack: “Play One” ***
---------------------------------------------
SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building ..
---------------------------------------------
https://blog.sucuri.net/2017/03/spotting-a-hidden-seo-hack-play-one.html
*** Schneider Electric Modicon PLCs ***
---------------------------------------------
This advisory contains mitigation details for predictable value range from previous values, use of insufficiently random values, and insufficiently protected credentials vulnerabilities in Schneider Electric's Modicon PLCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-089-02
*** Researchers steal data from shared cache of two cloud VMs ***
---------------------------------------------
All of a sudden dedicated instances are looking a lot better than multi-tenancy. A group of researchers, one ..
---------------------------------------------
www.theregister.co.uk/2017/03/31/researchers_steal_data_from_shared_cache_o…
*** Novell: Sentinel 8.0 SP1 (Sentinel 8.0.1.0) Build 3512 ***
---------------------------------------------
https://download.novell.com/Download?buildid=M7_yJE9WOXE~
*** Celebrate World Backup Day the Smarter Way ***
---------------------------------------------
In an effort to help the community be more cyber aware, WorldBackupDay.com celebrates on March 31st ..
---------------------------------------------
https://www.webroot.com/blog/2017/03/31/celebrate-world-backup-day-smarter-…
*** Samsung Galaxy S8's Facial Unlocking Feature Can Be Fooled With A Photo ***
---------------------------------------------
All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire ..
---------------------------------------------
http://thehackernews.com/2017/03/samsung-galaxy-s8-facial-unlocking.html
*** Study: telecoms infrastructure hopelessly insecure, no encryption in sight ***
---------------------------------------------
The American counterpart of the Bundesnetzagentur has examined the security of the SS7 protocol, which is indispensable for telecommunications infrastructure. The findings are hair-raising; the working group recommends end-to-end encryption.
---------------------------------------------
https://heise.de/-3671794
*** l+f: Flash for a fistful of dollars ***
---------------------------------------------
FedEx Office makes its customers an indecent proposal.
---------------------------------------------
https://heise.de/-3672139
*** Pornhub and Youporn switch to https ***
---------------------------------------------
The two porn sites want to give their users more privacy.
---------------------------------------------
http://derstandard.at/2000055192256
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 29-03-2017 18:00 − Thursday 30-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Tech support scammers and their banking woes ***
---------------------------------------------
We all know about tech support scams by this point. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal's ill-gotten gains. So how does the enterprising criminal cash out with your money? Let's take a look.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/03/tech-support-scammers-and-…
*** Security Advisory - Exposed System Interface Vulnerability on Huawei Smart Phones ***
---------------------------------------------
There is an exposed system interface vulnerability on smart phones. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.
CVE-2017-2735
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170329-…
*** Widespread Email Scam Targets Github Developers with Dimnie Trojan ***
---------------------------------------------
Open source developers who use the popular code-sharing site GitHub were put on alert after the discovery of a phishing email campaign that attempts to infect their computers with an advanced malware trojan. Dubbed Dimnie, the reconnaissance and espionage trojan has the ability to harvest credentials, download sensitive files, take screenshots, log keystrokes on 32-bit and 64-bit ...
---------------------------------------------
http://thehackernews.com/2017/03/github-email-scam.html
*** Vuln: EMC Isilon OneFS CVE-2017-4980 Directory Traversal Vulnerability ***
---------------------------------------------
EMC Isilon OneFS is prone to a directory-traversal vulnerability.
A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
---------------------------------------------
http://www.securityfocus.com/bid/97222
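The '../' pattern the advisory describes is worth seeing beside its fix. What follows is an added example in Python, not code from the EMC advisory or from OneFS: a naive path join that lets '../' segments escape the document root, next to a resolver that normalises the joined path and refuses anything that does not stay inside the root. DOC_ROOT, the function names and the request paths are assumptions made up for the example.

```python
"""Hypothetical path-traversal check; not code from the EMC Isilon OneFS advisory."""
from typing import Optional
from urllib.parse import unquote
import posixpath

# Constructed document root for the example; a real server has its own.
DOC_ROOT = "/srv/files"


def vulnerable_resolve(user_path: str) -> str:
    """Naive join: '../' segments walk out of DOC_ROOT.

    This is the pattern the advisory describes; a request for
    '../../etc/passwd' resolves to /etc/passwd.
    """
    return posixpath.normpath(posixpath.join(DOC_ROOT, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Join and normalise, then require the result to stay inside DOC_ROOT.

    Returns the absolute path to serve, or None if the request must be refused.
    """
    # Reject empty input, absolute paths and NUL bytes before joining.
    if not user_path or user_path.startswith("/") or "\x00" in user_path:
        return None
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, user_path))
    # Containment check: the candidate is DOC_ROOT itself or lies below it.
    # A bare string prefix is not enough ("/srv/files2" starts with
    # "/srv/files"), hence the trailing slash in the comparison.
    if candidate == DOC_ROOT or candidate.startswith(DOC_ROOT + "/"):
        return candidate
    return None


def handle_request(raw_path: str) -> Optional[str]:
    """Decode the URL path exactly once, then apply the containment check.

    Decoding once defeats '%2e%2e%2f'; decoding a second time would reopen
    the hole, so a double-encoded '%252e%252e' stays a literal directory name.
    On a real filesystem, follow this with os.path.realpath() on the result so
    that symlinks inside DOC_ROOT cannot point outside it either.
    """
    return safe_resolve(unquote(raw_path))
```

The check is deliberately done on the normalised string rather than by stripping "../" from the input: removing substrings leaves ".../...//" style inputs to collapse back into traversal, whereas normalising first and then testing containment has no such order-dependence.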
*** [SANS ISC] Diverting built-in features for the bad ***
---------------------------------------------
I published the following diary on isc.sans.org: 'Diverting built-in features for the bad'. Sometimes you may find very small pieces of malicious code. Yesterday, I caught this very small JavaScript sample with only 2 lines of code.
---------------------------------------------
https://blog.rootshell.be/2017/03/30/sans-isc-diverting-built-features-bad/
*** Trend Micro InterScan Web Security Virtual Appliance Unspecified Flaws Let Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038161
*** Mirai botnet learns new tricks ***
---------------------------------------------
The IoT botnet Mirai now also masters DDoS attacks at the application layer. These are hard to detect and therefore relatively hard to fend off.
---------------------------------------------
https://heise.de/-3670226
*** Hash function: the difficult farewell to SHA-1 ***
---------------------------------------------
The hash function SHA-1 was recently broken for good. Yet SHA-1 is still in use in many places, for example in Git, in BitTorrent and, which will surprise some, in TLS as well.
---------------------------------------------
https://www.golem.de/news/hashfunktion-der-schwierige-abschied-von-sha-1-17…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Algo One - Algo Risk Application (ARA) could allow retrieval of restricted files ***
http://www.ibm.com/support/docview.wss?uid=swg21999892
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale packaged with the Elastic Storage Server and the GPFS Storage Server ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010042
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in the GSKit component of Tivoli Netcool/OMNIbus (CVE-2016-2183) ***
https://www-01.ibm.com/support/docview.wss?uid=swg22001105
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2012-6702, CVE-2016-5300) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998701
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Expat affect Intel (R) Manycore Platform Software Stack (MPSS) for Linux and Windows ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5…
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Document Manager Privilege Escalation (CVE-2017-1180) ***
http://www.ibm.com/support/docview.wss?uid=swg22001084
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in data server connection and product integration shipped with InfoSphere Optim Query Workload Tuner [for LUW, z/OS ***
http://www.ibm.com/support/docview.wss?uid=swg22000601
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition ***
http://www.ibm.com/support/docview.wss?uid=swg22000398
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ and IBM MQ Appliance (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000904
---------------------------------------------
*** IBM Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF) ***
http://www.ibm.com/support/docview.wss?uid=swg22000771
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 28-03-2017 18:00 − Wednesday 29-03-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** World Backup Day is as good as any to back up your data ***
---------------------------------------------
In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger. That’s why it’s ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/03/28/world-backup-day-is-as-…
*** Siemens RUGGEDCOM ROX I ***
---------------------------------------------
This advisory contains mitigation details for improper authorization, cross-site scripting, and cross-site request forgery vulnerabilities in the Siemens RUGGEDCOM ROX I.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01
*** 3S-Smart Software Solutions GmbH CODESYS Web Server ***
---------------------------------------------
This advisory contains mitigation details for arbitrary file upload and stack buffer overflow vulnerabilities in the 3S-Smart Software Solutions GmbH CODESYS Web Server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-087-02
*** FBI warns of attacks on anonymous FTP servers ***
---------------------------------------------
The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental ..
---------------------------------------------
http://www.cio.com/article/3185882/security/fbi-warns-of-attacks-on-anonymo…
*** About the security content of iCloud for Windows 6.2 ***
---------------------------------------------
https://support.apple.com/en-us/HT207607
*** Ransomware: scammers extort visitors of porn sites ***
---------------------------------------------
Via a bug in Apple's Safari for iPhone, unknown actors block the browser with a constantly ..
---------------------------------------------
https://www.golem.de/news/ransomware-scammer-erpressen-besucher-von-porno-s…
*** Is anyone here using JSON encryption? If you are using ... ***
---------------------------------------------
Is anyone here using JSON encryption? If you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4 with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web ..
---------------------------------------------
http://blog.fefe.de/?ts=a6254421
*** Vuln: ImageMagick Incomplete Fix CVE-2017-7275 Memory Corruption Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97166
*** "Cyber attack" on the Bundestag: apparently an ordinary malvertising campaign ***
---------------------------------------------
German media report another hacker attack on the Bundestag. It appears to concern members of parliament who encountered malicious ads on the website of an Israeli newspaper. There were no infections.
---------------------------------------------
https://heise.de/-3668761
*** Escaping a Python sandbox with a memory corruption bug ***
---------------------------------------------
https://medium.com/@gabecpike/python-sandbox-escape-via-a-memory-corruption…
*** DFN-CERT-2017-0543: AppArmor: a vulnerability allows bypassing security measures ***
---------------------------------------------
A remote, unauthenticated attacker can run a specially crafted application without restriction on an affected system, because AppArmor ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0543/
*** Escape from the VM: VMware closes critical Pwn2Own holes ***
---------------------------------------------
VMware has closed security vulnerabilities in VMware Workstation, Fusion and ESXi with which security researchers at the Pwn2Own contest broke out of virtual machines and hijacked the host system.
---------------------------------------------
https://heise.de/-3669902
*** PMASA-2017-8 ***
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2017-8/
*** Ebury rootkit: Russian hacker pleads guilty ***
---------------------------------------------
A Russian citizen has admitted in the US to his part in building and expanding the Ebury botnet. Ebury mainly infects Linux servers and harvests SSH logins.
---------------------------------------------
https://heise.de/-3669617
*** Browser plug-in Crusader injects fake support phone numbers into web pages ***
---------------------------------------------
A new malware variant integrates itself into the browser and swaps out search results. This lets it redirect the user to affiliate sites. It can also slip fake support phone numbers to the user.
---------------------------------------------
https://heise.de/-3670102
*** GitHub Users Targeted with Dimnie Trojan ***
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-users-targeted-with-d…
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 27-03-2017 18:00 − Tuesday 28-03-2017 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
*** Bugtraq: APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540325
*** APT29 Used Domain Fronting, Tor to Execute Backdoor ***
---------------------------------------------
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.
---------------------------------------------
http://threatpost.com/apt29-used-domain-fronting-tor-to-execute-backdoor/12…
*** New Clues Surface on Shamoon 2’s Destructive Behavior ***
---------------------------------------------
Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.
---------------------------------------------
http://threatpost.com/new-clues-surface-on-shamoon-2s-destructive-behavior/…
*** Vuln: GnuTLS GNUTLS-SA-2017-3 Multiple Security Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/97040
*** New security hole in the password manager LastPass ***
---------------------------------------------
For the second time within a short period, the popular password manager is faced with a vulnerability.
---------------------------------------------
https://futurezone.at/produkte/neue-sicherheitsluecke-im-passwort-manager-l…
*** Symantec API Flaws reportedly let attackers steal Private SSL Keys and Certificates ***
---------------------------------------------
A security researcher has disclosed critical issues in the processes and third-party API used by Symantec certificate resellers to deliver and manage Symantec SSL ..
---------------------------------------------
https://thehackernews.com/2017/03/symantec-ssl-certificates.html
*** Threat Landscape for Industrial Automation Systems, H2 2016 ***
---------------------------------------------
On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.
---------------------------------------------
http://securelist.com/analysis/publications/77842/threat-landscape-for-indu…
*** From DDoS to Server Ransomware: APACHE STRUTS 2 - CVE-2017-5638 Campaign ***
---------------------------------------------
As soon as a zero-day remote code execution vulnerability is disclosed, it is common to see many scans in the wild. Some of these scans are researchers, but many of ..
---------------------------------------------
https://f5.com/labs/articles/threat-intelligence/malware/from-ddos-to-serve…
*** This book reads you - using JavaScript ***
---------------------------------------------
Apple just released a fix for one issue I reported last year in iBooks that allowed access to files on a users system when a book was opened. iBooks on El Capitan would ..
---------------------------------------------
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-us…
*** Danger from exploit for zombie IIS ***
---------------------------------------------
Microsoft's Internet Information Services 6.0 are really scrap metal for which not even security updates exist. Nonetheless there are still over 30,000 of them in Germany alone. And they are acutely threatened by a publicly known exploit.
---------------------------------------------
https://heise.de/-3666599
*** Encryption: vulnerabilities discovered in numerous VoIP applications ***
---------------------------------------------
The ZRTP protocol is supposed to provide secure connections and encrypted VoIP calls. Researchers have found vulnerabilities in numerous ZRTP applications ..
---------------------------------------------
https://www.golem.de/news/verschluesselung-schwachstellen-in-zahlreichen-vo…
*** IronWASP – Part 1 ***
---------------------------------------------
Not all vulnerability scanners are open source, but a good number of free ones are available, such as IronWASP, OpenVAS, Retina CS Community, W3af and Grabber. In this article, we discuss IronWASP in more detail.
---------------------------------------------
http://resources.infosecinstitute.com/ironwasp-part-1-2/
*** Docs.com users share passwords and much more with the world ***
---------------------------------------------
Microsoft's Docs.com service lets users share documents. However, these are often publicly viewable. Many users seem unaware of this; information such as passwords is all too easy to find.
---------------------------------------------
https://heise.de/-3665975
*** Apache / ModSecurity Tutorials ***
---------------------------------------------
This is a series of Apache web server tutorials that will span from the basics to advanced topics like ModSecurity and logfile visualization.
---------------------------------------------
https://www.netnea.com/cms/apache-tutorials/
*** Xen Security Advisory XSA-206 - xenstore denial of service via repeated update ***
---------------------------------------------
Unprivileged guests may be able to stall progress of the control domain or driver domain, possibly leading to ..
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-206.txt
*** With iOS 10.3, iDevices get new Apple File System with native encryption support ***
---------------------------------------------
On Monday, Apple released updates for its various products. As usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/03/28/apple-file-system-encryption/
*** Ransomware: scammers extort visitors of porn sites ***
---------------------------------------------
Via a bug in Apple's Safari for iPhone, unknown actors block the browser with a recurring JavaScript popup in which users are told to pay a ransom. A simple trick avoids the trap, however.
---------------------------------------------
https://www.golem.de/news/ransomware-scammer-erpressen-besucher-von-porno-s…
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 24-03-2017 18:00 − Monday 27-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** SAP NetWeaver J2EE Platform Security ***
---------------------------------------------
In the previous article, we discussed SAP NetWeaver ABAP Platform and its vulnerabilities. Today's topic is the J2EE platform, its architecture, vulnerabilities, and the latest trends in its cyber security.
---------------------------------------------
http://resources.infosecinstitute.com/sap-netweaver-j2ee-platform-security/
*** [Update] Unpatched SAP systems vulnerable to remote code execution ***
---------------------------------------------
If the patches released as part of the SAP Security Patch Day in March 2017 are not applied promptly, central data stores risk compromise, SAP experts warn.
---------------------------------------------
https://heise.de/-3664479
*** Amazon phishing mail: invoice for your seller fees ***
---------------------------------------------
In a purported message from "Europe Amazon", customers are informed that their "duplicate of the electronically generated tax invoice" is available. They can supposedly download it from an attached document that imitates the Amazon login area. It is a phishing attempt.
---------------------------------------------
https://www.watchlist-internet.at/phishing/amazon-phishingmail-rechnung-ueb…
*** Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 ***
---------------------------------------------
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms.
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigatin…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000663
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000643
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition ***
http://www.ibm.com/support/docview.wss?uid=swg22000871
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) ***
http://www.ibm.com/support/docview.wss?uid=swg22000608
---------------------------------------------
*** IBM Security Bulletin: Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993718
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610) ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5…
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000413&myns=swgws&mynp=O…
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5 ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024968
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Selling and Fulfillment Foundation is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-8917) ***
http://www.ibm.com/support/docview.wss?uid=swg22000943
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ***
https://www.ibm.com/support/docview.wss?uid=swg22000784
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for UNIX (CVE-2016-2183) ***
https://www-01.ibm.com/support/docview.wss?uid=swg22000927
---------------------------------------------
*** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-9990) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998824
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 23-03-2017 18:00 − Friday 24-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** TROOPERS 2017 Day #4 Wrap-Up ***
---------------------------------------------
I'm just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition.
---------------------------------------------
https://blog.rootshell.be/2017/03/23/troopers-2017-day-4-wrap/
*** Google slaps Symantec for sloppy certs, slow show of SNAFUs ***
---------------------------------------------
Certs will keep working, but Chrome will be suspicious, soon. Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully secured by Symantec-issued certificates.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/24/google_slap…
*** Referrer spoofing with iframe injection ***
---------------------------------------------
Last year we were playing with a very simple method to spoof the referrer on Edge, which of course allowed us to spoof the referrer and, as a bonus, do other neat things like bypassing the XSS filter. Today I found out that it was patched, so I decided to give it a try and find a way around the patch. Honestly I don't feel it's a bypass but clearly a variation. From a practical point of view, it works again and bypasses the patch...
---------------------------------------------
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
*** VMSA-2017-0004.6 ***
---------------------------------------------
VMware product updates resolve remote code execution vulnerability via Apache Struts 2
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0004.html
*** Fraud network: foisting subscription traps on Kinox.to users ***
---------------------------------------------
A fraud campaign exploits security holes in the Android stock browser to foist subscription traps and premium services on users. The fraudsters set up fake web shops to appear legitimate.
---------------------------------------------
https://www.golem.de/news/betrugsnetzwerk-mit-fake-webshops-kinox-to-nutzer…
*** DFN-CERT-2017-0524: F5 Networks BIG-IP Protocol Security Module (PSM): a vulnerability allows a denial-of-service attack ***
---------------------------------------------
A remote, unauthenticated attacker can exploit a vulnerability in the Traffic Management Microkernel (TMM) on BIG-IP systems by sending crafted network traffic, resulting in a denial-of-service (DoS) condition.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0524/
*** Extortion via iCloud remote wipe: how to protect your iPhone ***
---------------------------------------------
Unknown actors threaten to wipe iPhones at random unless Apple pays. The attackers apparently possess iCloud credentials. Mac & i explains how to arm yourself against such an attack.
---------------------------------------------
https://heise.de/-3663802
*** LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01
*** BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in the Becton, Dickinson and Company (BD) Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01
*** Vuln: libpcre Multiple Security Vulnerabilities ***
---------------------------------------------
libpcre is prone to the following multiple security vulnerabilities:
1. A denial-of-service vulnerability
2. Multiple stack-based buffer-overflow vulnerabilities
Attackers can exploit these issues to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
libpcre1 in PCRE 8.40 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/97067
*** DFN-CERT-2017-0526: F5 Networks BIG-IP Protocol Security Module (PSM): a vulnerability allows information disclosure ***
---------------------------------------------
A local, authenticated attacker with elevated privileges can read sensitive data that has accumulated since the last reboot of affected devices, for example the passwords of recently created user accounts.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0526/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021868
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021926
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000152
---------------------------------------------
*** IBM Security Bulletin: A cross-site scripting vulnerability has been addressed in IBM Kenexa LMS on Cloud 5.1 ***
http://www.ibm.com/support/docview.wss?uid=swg21999483
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 11.0 ***
http://www.ibm.com/support/docview.wss?uid=swg21998874
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 22-03-2017 18:00 − Thursday 23-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Google: half of all Android devices do not receive our security updates ***
---------------------------------------------
Google is making progress in the fight against malware in the Play Store, but has to admit that more than half a billion Android devices do not receive the company's regular security updates. Many of these devices have glaring security holes.
---------------------------------------------
https://heise.de/-3662665
*** AIX for Penetration Testers ***
---------------------------------------------
This was my first encounter with privilege escalation on AIX and I was pretty surprised by how little information I found online on enumerating AIX systems. ... It took me a little time going through various AIX system administration guides and command cheatsheets (links at the bottom of the post) and putting together a list of various post-exploitation techniques to use on the box. I decided to put this blog post up with the hope that it will one day help another clueless pentester/red teamer.
---------------------------------------------
https://thevivi.net/2017/03/19/aix-for-penetration-testers/
*** Avatar Rootkit: Decryption of the Key and Data ***
---------------------------------------------
In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below.
---------------------------------------------
http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-…
*** [R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities ***
---------------------------------------------
Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243.
---------------------------------------------
http://www.tenable.com/security/tns-2017-09
*** Vuln: libavcodec CVE-2017-7206 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97006
*** VMware AirWatch Input Validation Flaw in Shared Filenames Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038116
*** Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-…
*** DFN-CERT-2017-0508: Apple iTunes: multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0508/
*** Vuln: NfSen CVE-2017-6972 Unspecified Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97016
*** DFN-CERT-2017-0506: NTP: multiple vulnerabilities allow, among other things, execution of arbitrary code with the privileges of the service ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0506/
*** DFN-CERT-2017-0518: Samba: A vulnerability allows disclosure of information ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0518/
*** DFN-CERT-2017-0515: Git: A vulnerability allows execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0515/
*** DFN-CERT-2017-0520: BIG-IP Protocol Security Module (PSM): A vulnerability allows a denial-of-service attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0520/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999563
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology ***
http://www.ibm.com/support/docview.wss?uid=swg21999820
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg22000304
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross-Site Scripting (XSS) (CVE-2016-9737) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996200
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996836
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) ***
http://www.ibm.com/support/docview.wss?uid=swg22000209
---------------------------------------------
*** IBM Security Bulletin: IBM Jazz for Service Management (Jazz SM) is affected by a code execution vulnerability in IBM Tivoli Common Reporting (TCR) (CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg22000719
---------------------------------------------