Daily

daily@lists.cert.at

1 participants
3154 discussions

Tageszusammenfassung - Mittwoch 22-03-2017
by Daily end-of-shift report 22 Mar '17

22 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 21-03-2017 18:00 − Mittwoch 22-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Cybellum verkauft Autostart-Funktion als Zero-Day *** --------------------------------------------- Mit kräftigen Worten, einem eigenen Namen und Logo und dem Prädikat "Zero-Day" stellt Cybellum eine Technik vor, mit der sich Malware in einem Windows-System verankern lässt -- nachdem es bereits die Kontrolle übernommen hat. --------------------------------------------- https://heise.de/-3662090 *** QNAP Storage Devices Multiple Flaws Let Remote Users Inject SQL Commands, Steal Cookies, Conduct Cross-Site Scripting and Clickjacking Attacks, Obtain Potentially Sensitive Informaiton, and Execute Arbitrary Code *** --------------------------------------------- http://www.securitytracker.com/id/1038091 *** Vuln: Malware Information Sharing Platform CVE-2017-7215 Multiple Cross Site Scripting Vulnerabilities *** --------------------------------------------- http://www.securityfocus.com/bid/96997 *** Vuln: Rockwell Automation FactoryTalk Activation CVE-2017-6015 Local Privilege Escalation Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96996 *** Security Advisory - Information Leak Vulnerability in Huawei Hilink APP *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Security Advisory - Phone Finder Bypass Vulnerability in Some Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Phishingversuch bei der FH Oberösterreich *** --------------------------------------------- In einer gefälschten FH OOE IT-SERVICE DESK-Nachricht heißt es, dass Empfänger/innen ihr Webmail-Konto bestätigen müssen. Dazu sollen sie eine Website aufrufen und ihre Zugangsdaten bekannt geben. Es handelt sich um einen Phishingversuch. Wer der Aufforderung nachkommt, übermittelt Kriminellen die Zugangsdaten des FH OÖ-Webmailkontos. --------------------------------------------- https://www.watchlist-internet.at/phishing/phishingversuch-bei-der-fh-obero… *** Avatar Rootkit: Dropper Analysis Part 2 *** --------------------------------------------- In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below. --------------------------------------------- http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-… *** Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170322-… *** Intermediate Mitigation Measures May be Required for Apache Struts Vulnerabilities *** --------------------------------------------- The general consensus among InfoSec professionals is to patch critical vulnerabilities such as Apache Struts as soon as a patch is made available by the vendor. So why mightn't your company simply patch Apache Struts and go on your merry way? Not all events can be remediated immediately. Very often, intermediate mitigation measures must be taken to lower the risk of exploit and protect assets very quickly. --------------------------------------------- https://www.alienvault.com/blogs/security-essentials/intermediate-mitigatio… *** Passwortklau-Lücke in Lastpass geschlossen (oder auch nicht) *** --------------------------------------------- Eine Sicherheitslücke im Passwort-Manager Lastpass erlaubt das Auslesen von Passwörtern. Unter Umständen kann der Angreifer auch Code ausführen. Es gibt Berichte, dass der Fix von Lasspass die Lücke bisher nicht erfolgreich geschlossen hat. --------------------------------------------- https://heise.de/-3661616 *** Code Execution Vulnerability Found in Libpurple IM Library *** --------------------------------------------- A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. ... Pidgin has been patched in version 2.12.0. --------------------------------------------- https://threatpost.com/code-execution-vulnerability-found-in-libpurple-im-l… *** Vuln: D-Link DIR-600M CVE-2017-5874 Cross Site Request Forgery Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96999 *** Apple-Erpressung: Hacker drohen angeblich mit Fernlöschung von iPhones *** --------------------------------------------- Das Ändern der PIN aus der Ferne ist bei iPhone und iPad allerdings nur möglich, wenn der Nutzer keine Code-Sperre für sein Gerät eingerichtet hat - die Aktivierung der Code-Sperre ist auch deshalb dringend zu empfehlen. Um den Zugriff auf die eigenen iCloud-Daten besser zu schützen, sollte Apples Zwei-Faktor-Authentifizierung aktiviert werden. Die Sicherheitsfunktion hilft allerdings nicht gegen das Fernsperren und Fernlöschen... --------------------------------------------- https://www.heise.de/mac-and-i/meldung/Apple-Erpressung-Hacker-drohen-angeb… *** SAP Vulnerability Puts Business Data at Risk for Thousands of Companies *** --------------------------------------------- Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week. --------------------------------------------- http://threatpost.com/sap-vulnerability-puts-business-data-at-risk-for-thou… *** Cisco Security Advisories *** --------------------------------------------- *** Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software HTTP Command Injection Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOS XE Software Web User Interface Denial of Service Vulnerability *** http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… --------------------------------------------- *** Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco IOx Data in Motion Stack Overflow Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Application-Hosting Framework Directory Traversal Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager *** https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5… --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-6056) *** http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010022 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for HP NonStop (CVE-2016-7055, CVE-2017-3732) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000456 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access *** http://www.ibm.com/support/docview.wss?uid=swg21999797 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 in IBM i HTTP Server *** http://www.ibm.com/support/docview.wss?uid=nas8N1021918 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Open Source Samba, NTP and ISC BIND affect IBM Netezza Host Management *** http://www-01.ibm.com/support/docview.wss?uid=swg21997024 ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 21-03-2017
by Daily end-of-shift report 21 Mar '17

21 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 20-03-2017 18:00 − Dienstag 21-03-2017 18:00 Handler: Petr Sikuta Co-Handler: Robert Waldner *** Kritische Sicherheitslücken in E-Learning-Plattform Moodle geschlossen *** --------------------------------------------- Moodle-Admins aufgepasst: Die Open-Source E-Learning-Plattform enthält Sicherheitslücken, welche es Angreifern ermöglichen, einen Moodle-Server zu kapern. --------------------------------------------- https://heise.de/-3660119 *** Personalized spam campaign targets Germany *** --------------------------------------------- The key detail of each message was the fact that the recipient's full name, mailing address, and telephone number were embedded in the middle of the message. --------------------------------------------- https://www.symantec.com/connect/blogs/personalized-spam-campaign-targets-g… *** Workaround? Abdrehen! *** --------------------------------------------- Langsam gibt es erste Details zu den 0-days, die im Vault-7-Leak enthalten sind.Betroffen sind u.A. Switche von Cisco. Patches sind noch nicht für alle Modelle verfügbar, laut Heise gibt es aber folgenden Workaround:Bis dahin empfiehlt der Hersteller Telnet auf betroffenen Geräte zu deaktivieren und bis zum Erscheinen des Patches auf SSH zu setzen. Das ist meiner Meinung nach viel zu kurz gegriffen. --------------------------------------------- http://www.cert.at/services/blog/20170321100440-1957.html *** OpenSSH Bugs Let Remote Users Decrypt Messages in Certain Cases and Let Remote Authenticated Users Create or Modify Files on the Target System *** --------------------------------------------- Impact: A remote authenticated server can create or modify files on the connected target user's system. A remote user may be able to decrypt messages in certain cases. Solution: The vendor has issued a fix (7.5). --------------------------------------------- http://www.securitytracker.com/id/1038071 *** Google: Zahl der gehackten Webseiten steigt rapide *** --------------------------------------------- Im Jahr 2016 wurden 32 Prozent mehr Webseiten gehackt, als im Jahr zuvor. Das geht aus den von Google erhobenen Daten zu infizierten Servern hervor. Die Firma gibt Webmastern deswegen Hilfestellung beim Verhindern von Hackerangriffen. --------------------------------------------- https://heise.de/-3660903 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000285 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release *** http://www-01.ibm.com/support/docview.wss?uid=swg2C1000283 --------------------------------------------- *** IBM Security Bulletin: IBM Call Center for Commerce is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-6056) *** http://www.ibm.com/support/docview.wss?uid=swg22000442 ---------------------------------------------

1 0

Tageszusammenfassung - Montag 20-03-2017
by Daily end-of-shift report 20 Mar '17

20 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 17-03-2017 18:00 − Montag 20-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Malicious Subdirectories Strike Again *** --------------------------------------------- In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim's database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique with a little bit more sophistication to achieve their goals. Essay Spam Campaign This technique is now being used to distribute --------------------------------------------- https://blog.sucuri.net/2017/03/malicious-subdirectories-strike-again.html *** Mimikatz: Walkthrough *** --------------------------------------------- Security researchers have been obsessed with Windows security since the beginning of time. Various tools have been released over the years which try to weaken the security/bypass it in some way or the other. Mimikatz is a tool written in `C` as an attempt to play with Windows security. --------------------------------------------- http://resources.infosecinstitute.com/mimikatz-walkthrough/ *** Doctor Web: It is possible to decrypt files encrypted with Trojan.Encoder.10465 *** --------------------------------------------- March 17, 2017 Doctor Web has developed an algorithm that successfully decrypts files encrypted by Trojan.Encoder.10465. Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content: Warning!!! All your files are encrypted with AESalgorithm! --------------------------------------------- http://news.drweb.com/show/?i=11211&lng=en&c=9 *** Sicherheitsupdate in Sicht: Gravierende Telnet-Lücke bedroht zahlreiche Cisco-Switches *** --------------------------------------------- Offensichtlich hat Cisco den Vault-7-Leak analysiert und ist auf eine kritische Lücke in über 300 Modellen seiner Switch-Reihe mit IOS-Betriebsystem gestoßen. Bislang gibt es nur einen Workaround - ein Patch soll folgen. --------------------------------------------- https://heise.de/-3658915 *** RIPS - Finding vulnerabilities in PHP application *** --------------------------------------------- The biggest fear of any developer has always been that their site may get hacked and occasionally it does end up being hacked. For a very long time, the most popular stack being used for the development of website has been the LAMP Stack (Linux, MySQL, PHP/Perl/Python). --------------------------------------------- http://resources.infosecinstitute.com/rips-finding-vulnerabilities-php-appl… *** Browser: Update der Ask.com-Toolbar verteilt Malware *** --------------------------------------------- Die meisten Nutzer dürften sich ohnehin nur fragen, wie sie die Ask.com-Toolbar im Browser am schnellsten wieder loswerden. Doch es gibt ein weiteres Problem: Der Update-Prozess des Programms ist notorisch für Sicherheitslücken anfällig. (Malware, Virus) --------------------------------------------- https://www.golem.de/news/browser-update-der-ask-com-toolbar-verteilt-malwa… *** Gefälschte Virenwarnung auf dem Smartphone *** --------------------------------------------- Während der mobilen Nutzung des Smartphones erscheinen angebliche Virenwarnungen. Sie geben vor, dass das Endgerät mit Schadsoftware infiziert sei. Abhilfe schafft ein Schutzprogramm aus einer unbekannten Quelle. Es kann Schadsoftware installieren oder zu einem Abovertrag führen. --------------------------------------------- https://www.watchlist-internet.at/handy-abzocke/gefaelschte-virenwarnung-au… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDoS-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es auch, wenn Spock die Festplatte entschlüsseln soll. (Star Trek, Applikationen) --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s… *** Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability *** --------------------------------------------- A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by bash vulnerabilities *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024962 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Application Delivery Intelligence v1.0.1, v1.0.1.1, and v1.0.2. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547,CVE-2016-5548, CVE-2016-5549) *** http://www-01.ibm.com/support/docview.wss?uid=swg22000014 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024961 --------------------------------------------- *** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by an International Components for Unicode (ICU) vulnerability (CVE-2014-9911) *** http://www-01.ibm.com/support/docview.wss?uid=isg3T1024958 --------------------------------------------- *** IBM Security Bulletin: IBM Security Key Lifecycle Manager is affected by Query Parameter in SSL Request (CVE-2016-6102) *** http://www.ibm.com/support/docview.wss?uid=swg22000359 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect WebSphere Message Broker and IBM Integration Bus *** http://www.ibm.com/support/docview.wss?uid=swg22000536 ---------------------------------------------

1 0

Tageszusammenfassung - Freitag 17-03-2017
by Daily end-of-shift report 17 Mar '17

17 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 16-03-2017 18:00 − Freitag 17-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Bugtraq: CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure *** --------------------------------------------- http://www.securityfocus.com/archive/1/540291 *** SSA-603476 (Last Update 2017-03-16): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs *** --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476… *** Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy *** --------------------------------------------- Nearly three years ago, I wrote a post named “Pass-the-Hash is Dead: Long Live Pass-the-Hash” that detailed some operational implications of Microsoft’s KB2871997 patch. A specific sentence in the security advisory, “Changes to this feature .. --------------------------------------------- http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-loca… *** Chamois: Google deckt betrügerisches Werbenetzwerk auf *** --------------------------------------------- Adfraud ist ein weit verbreitetes Problem auf Android-Geräten. Google hat Details zu einem neu entdeckten Netzwerk bekanntgegeben, es soll das größte bislang bekannte sein. --------------------------------------------- https://www.golem.de/news/chamois-google-deckt-betruegerisches-werbenetzwer… *** Winzige Kameras auf Bankomaten spähen PINs aus *** --------------------------------------------- Die Londoner Polizei hat innerhalb kurzer Zeit mehrere Mini-Kameras entdeckt, die an Geldautomaten angebracht waren. --------------------------------------------- https://futurezone.at/digital-life/winzige-kameras-auf-bankomaten-spaehen-p… *** GitHub Code Execution Bug Fetches $18,000 Bounty *** --------------------------------------------- GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. --------------------------------------------- http://threatpost.com/github-code-execution-bug-fetches-18000-bounty/124378/ *** BSI: Schützt euer Owncloud vor Feuer und Wasser! *** --------------------------------------------- Das BSI beklagt, dass Nutzer von Owncloud und Nextcloud ihre Installationen nicht aktualisieren. Das liegt aber auch daran, dass die Updatefunktion oft fehlschlägt. Und die .. --------------------------------------------- https://www.golem.de/news/bsi-schuetzt-euer-owncloud-vor-feuer-und-wasser-1… *** Sieben Jahre alte Lücke im Linux-Kernel erlaubt Rechteausweitung *** --------------------------------------------- Über die Lücke können Angreifer außerdem den Kernel lahmlegen. Da die Lücke schon so lange im Code des Kernels schlummert, betrifft sie sehr viele Systeme. --------------------------------------------- https://heise.de/-3657912 *** Wettbewerb: Windows, MacOS, Linux und Browser gehackt *** --------------------------------------------- Bei der Veranstaltung Pwn2Own hacken IT-Security-Teams um die Wette. Insgesamt winken eine Million US-Dollar Preisgeld. --------------------------------------------- https://futurezone.at/digital-life/wettbewerb-windows-macos-linux-und-brows… *** Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability *** --------------------------------------------- A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Low Orbit Ion Cannon: Star-Trek-Ransomware tarnt sich als DDos-Tool *** --------------------------------------------- Wer einen DDoS-Angriff starten will, sollte seine Werkzeuge gut auswählen. Bestimmte Versionen der Low Orbit Ion Cannon starten derzeit keinen Überlastungsangriff, sondern die Verschlüsselung der eigenen Festplatte. Teuer wird es .. --------------------------------------------- https://www.golem.de/news/low-orbit-ion-cannon-star-trek-ransomware-tarnt-s…

1 0

Tageszusammenfassung - Donnerstag 16-03-2017
by Daily end-of-shift report 16 Mar '17

16 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 15-03-2017 18:00 − Donnerstag 16-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Attackers target dozens of global banks with new malware *** --------------------------------------------- Organizations in 31 countries have been targeted in a new wave of attacks which has been underway since at least October 2016. The attackers used compromised websites or 'watering holes' to infect pre-selected targets with previously unknown malware. --------------------------------------------- https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks… *** SEO Spam Campaign Exploiting WordPress REST API Vulnerability *** --------------------------------------------- Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable to the WordPress REST API vulnerability patched in early February (version 4.7.2). This more serious vulnerability allows attackers to create, delete, and modify .. --------------------------------------------- https://blog.sucuri.net/2017/03/seo-spam-via-wp-rest-api-vulnerability.html *** Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-001 *** --------------------------------------------- Drupal 8.2.7, a maintenance release which contains fixes for security vulnerabilities, is now available for download.Download Drupal 8.2.7Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. --------------------------------------------- https://www.drupal.org/SA-2017-001 *** Ransomware operators are hiding malware deeper in installer packages *** --------------------------------------------- We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/03/15/ransomware-operators-ar… *** DFN-CERT-2017-0429/">Roundcube Webmail: Eine Schwachstelle ermöglicht einen Cross-Site-Scripting-Angriff *** --------------------------------------------- Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer Email, die ein speziell präpariertes SVG-Element enthält, einen Cross-Site-Scripting (XSS)-Angriff gegen Benutzer von Roundcube Webmail durchführen. Der Hersteller stellt Roundcube Webmail 1.1.8 und 1.2.4 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0429/ *** Using Intels SGX to Attack Itself *** --------------------------------------------- Researchers have demonstrated using Intels Software Guard Extensions to hide malware and steal cryptographic keys from inside SGXs protected enclave:Malware Guard Extension: Using SGX to Conceal Cache AttacksAbstract:In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. --------------------------------------------- https://www.schneier.com/blog/archives/2017/03/using_intels_sg.html *** [2017-03-16] Authenticated Command Injection in multiple Ubiquiti Networks products *** --------------------------------------------- The firmware of various Ubiquiti Networks devices contains a command injection vulnerability which can be exploited by luring an authenticated user to click on a malicious link or surf to a malicious website. Low privileged users can elevate their rights and use the vulnerability for further attacks. --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017… *** Moodle 2.7.19 release notes *** --------------------------------------------- A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. --------------------------------------------- https://docs.moodle.org/dev/Moodle_2.7.19_release_notes *** NexusLogger: A New Cloud-based Keylogger Enters the Market *** --------------------------------------------- NexusLogger is a cloud-based keylogger that uses the Microsoft .NET Framework and has a low level of sophistication. NexusLogger collects keystrokes, system information, stored passwords and will take screenshots. It also specifically seeks to harvest game credentials for UPlay, Minecraft, Steam, and Origin. ... All NexusLogger samples require communications with the nexuslogger[.]com domain via HTTPS, which makes it trivial for defenders to block. --------------------------------------------- http://researchcenter.paloaltonetworks.com/2017/03/unit42-nexuslogger-new-c… *** Penetration Testing Node.Js Applications - Part-2 *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** Vuln: Palo Alto Networks Terminal Services CVE-2017-6356 Information Disclosure Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96925 *** Alert (TA17-075A) HTTPS Interception Weakens TLS Security *** --------------------------------------------- Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide. --------------------------------------------- https://www.us-cert.gov/ncas/alerts/TA17-075A *** Code Review of Node.Js Applications: Uncommon Flaws *** --------------------------------------------- This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them while doing performing code review of node.js applications. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** (Twitter) Keep Calm and Revoke Access *** --------------------------------------------- For the last 24 hours, the Twitter landscape has seen several official accounts hacked. ... How to protect against this kind of attack? First, do not link your Twitter account to untrusted or suspicious applications. ... Finally, the best advice is to visit the following link at regular interval: https://twitter.com/settings/applications. During your first visit, you could be surprised to find so many applications linked to your account! --------------------------------------------- https://blog.rootshell.be/2017/03/15/keep-calm-revoke-access/ *** BSI warnt vor gefährdeten Cloud-Servern: über 20.000 deutsche ownCloud- und Nextcloud-Installationen veraltet *** --------------------------------------------- Das BSI ist auf viele veraltete Installationen von ownCloud und Nextcloud gestoßen. Obwohl die Betroffenen Bescheid wissen, haben bislang die wenigsten reagiert. --------------------------------------------- https://heise.de/-3656458 *** Microsoft To End Support For Windows Vista In Less Than a Month *** --------------------------------------------- In less than a months time, Microsoft will put Windows Vista to rest once and for all. If youre one of the few people still using it, you have just a few weeks to find another option before time runs out. (I mean, nobody will uninstall it from your computer, but.) From a report on PCWorld: After April 11, 2017, Microsoft will no longer support Windows Vista: no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates... --------------------------------------------- http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9XgfNI5PoWc/microsoft-to-en… *** Warnung vor kaufhaus-guenther.de *** --------------------------------------------- Kaufhaus Günther ist ein 'Online Kaufhaus'. Es wirbt mit Produkten für Haushalt, Technik und Möbel. Die verlangten Preise sind sehr günstig. Eine Bezahlung der Ware ist nur im Voraus möglich. Wer sie bezahlt, verliert Geld, denn kaufhaus-guenther.de ist ein Fake-Shop. Er liefert trotz Bezahlung keine Ware. Darüber hinaus droht ein Identitätsdiebstahl. --------------------------------------------- https://www.watchlist-internet.at/fake-shops/warnung-vor-kaufhaus-guentherd… *** DFN-CERT-2017-0479/">McAfee Advanced Threat Defence (ATD): Eine Schwachstelle ermöglicht das Ausspähen von Informationen *** --------------------------------------------- Ein einfach authentisierter Angreifer im benachbarten Netzwerk mit erweiterten Privilegien kann die SQL-Abfragelogik der Advanced Threat Defense über speziell präparierte HTTP-Anfragen so manipulieren, dass unautorisierte Aktionen im Kontext der unterliegenden Datenbank möglich sind (SQL-Injection). Intel Security erwähnt die Möglichkeit, auf diese Weise Produktinformationen auszuspähen. Die Ausführung beliebigen SQL-Programmcodes ist ebenfalls denkbar, aber nicht bestätigt. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-0479/ *** Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017 *** --------------------------------------------- On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. --------------------------------------------- http://threatpost.com/hackers-take-down-reader-safari-edge-ubuntu-linux-at-… *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest *** http://www-01.ibm.com/support/docview.wss?uid=swg21994995 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Netezza Host Management (CVE-2016-2183) *** http://www-01.ibm.com/support/docview.wss?uid=swg21997019 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998042 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearQuest (CVE-2016-0718, CVE-2015-1283, CVE-2016-4472, CVE-2015-2716) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998866 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearQuest (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998868 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Perl component shipped with IBM Rational ClearCase (CVE-2015-8608, CVE-2015-8853, CVE-2016-2381) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998046 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Liberty for Java for IBM Bluemix January 2017 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg22000092 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2016-8624, CVE-2016-8625) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996857 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight *** http://www-01.ibm.com/support/docview.wss?uid=swg22000124 --------------------------------------------- *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence *** http://www-01.ibm.com/support/docview.wss?uid=swg22000123 ---------------------------------------------

1 0

Tageszusammenfassung - Mittwoch 15-03-2017
by Daily end-of-shift report 15 Mar '17

15 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Dienstag 14-03-2017 18:00 − Mittwoch 15-03-2017 18:00 Handler: Robert Waldner Co-Handler: n/a *** Sicherheitsupdates: Microsoft veranstaltet zwei Patchdays an einem Tag *** --------------------------------------------- Im März holt Microsoft den aus unbekannten Gründen verschobenen Patchday aus dem Februar nach, stellt zudem die Patches für den aktuellen Monat bereit und schließt insgesamt 140 Sicherheitslücken. --------------------------------------------- https://heise.de/-3653806 *** March 2017 security update release *** --------------------------------------------- Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are... --------------------------------------------- https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-upd… *** Propaganda auf Twitter *** --------------------------------------------- Der echte Groundhog Day ist noch nicht lange her, und manchmal kommt es einem so vor, als wäre im Internet jeden Tag "Groundhog Day": manche Sachen wiederholen sich einfach viel zu oft.Aktuell geht es um missbrauchte Twitter-Accounts. Das hatte wir schon im November: twittercounter.com hatte ein Problem, und schon werden Tweets unter falschem Namen verteilt. Das gleiche ist gerade wieder passiert... --------------------------------------------- http://www.cert.at/services/blog/20170315114231-1952.html *** Patchday: Adobe umsorgt Flash und Shockwave Player *** --------------------------------------------- Wie gewohnt flickt Adobe den Flash Player - darüber hinaus bekommt diesen Monat auch der Shockwave Player ein Sicherheitsupdate serviert. --------------------------------------------- https://heise.de/-3653924 *** Citrix XenServer Multiple Security Updates *** --------------------------------------------- Two security issues have been identified within Citrix XenServer. These issues could, if exploited, allow the administrator ... --------------------------------------------- https://support.citrix.com/article/CTX220771 *** VMware Workstation and Fusion Memory Access Error in Drag and Drop Function Lets Local Users on a Guest System Gain Elevated Privileges on the Host System *** --------------------------------------------- http://www.securitytracker.com/id/1038025 *** DNSSEC-Schlüsseltausch 2017: ICANN setzt Testseite für Resolver auf *** --------------------------------------------- Sollte es Angreifern gelingen, einen DNSSEC-Schlüssel zu knacken, können sie glaubwürdig aussehende, aber falsche DNS-Replys verbreiten. Deshalb müssen Schlüssel ab und zu gewechselt werden. Bei der Root-Zone ist das eine heikle Sache. --------------------------------------------- https://www.heise.de/newsticker/meldung/DNSSEC-Schluesseltausch-2017-ICANN-… *** Petya ransomware returns, wrapped in extra VX nastiness *** --------------------------------------------- PetrWrap tries to blame its predecessor for attacks Researchers have spotted a variant of last years Petya ransomware, now with updated crypto and ransomware models. --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_retur… *** Gefälschte Rechnung auf dropboxusercontent.com *** --------------------------------------------- In einer E-Mail mit dem Betreff "Zahlungsdetails" erhalten Internet-Nutzer/innen angeblich eine Rechnung. Sie steht unter dem Link "dl.dropboxusercontent.com/" als ZIP-Datei zum Download bereit. In Wahrheit handelt es sich bei dem Dokument um Schadsoftware. Aus diesem Grund dürfen Empfänger/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnu… *** Konsumentenschützer wollen Update-Verpflichtung *** --------------------------------------------- Verbraucherorganisationen aus aller Welt fordern die 20 führenden Industrie- und Schwellenländer (G20) zum grenzüberschreitenden Schutz der Konsumenten im Internet auf. --------------------------------------------- https://futurezone.at/digital-life/konsumentenschuetzer-wollen-update-verpf… *** Schwere Sicherheitslücke in den Web-Oberflächen von WhatsApp und Telegram geschlossen *** --------------------------------------------- Eine Lücke bei WhatsApp Web und Telegram Web erlaubt es Angreifern, die Web-Sessions der Messenger zu kapern. Auf diesem Wege können sie Nachrichten mitlesen, Adressbücher kopieren und Schadcode an Kontakte verschicken. --------------------------------------------- https://heise.de/-3653793 *** Where Have All The Exploit Kits Gone? *** --------------------------------------------- For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them? --------------------------------------------- http://threatpost.com/where-have-all-the-exploit-kits-gone/124241/ *** Vorsicht Fake: Betrüger locken mit Emulator für Nintendos Switch *** --------------------------------------------- Derzeit kursiert im Internet eine Anwendung, die Spiele von Nintendos aktueller Konsole Switch auf PCs emulieren können soll: Die "Entwickler" hinter dem vermeintlichen Emulator verfolgen aber ein ganz anderes Ziel. --------------------------------------------- https://heise.de/-3654299 *** PowerShell Remoting Artifacts: An Introduction *** --------------------------------------------- Since PowerShell usage by malware is on the rise, in this article series, we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during the investigation and during building stories around Attack Chain. --------------------------------------------- http://resources.infosecinstitute.com/powershell-remoting-artifacts-part-1/ *** Gaps in NIS standardisation: Mapping the requirements of the NIS Directive to specific standards *** --------------------------------------------- ENISA publishes a report on European standardisation within the context of the NIS Directive. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/gaps-in-nis-standardisation-map… *** VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials *** --------------------------------------------- Vulnerability Note VU#553503 D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials --------------------------------------------- http://www.kb.cert.org/vuls/id/553503 *** An Introduction to Penetration Testing Node.js Applications *** --------------------------------------------- In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. --------------------------------------------- http://resources.infosecinstitute.com/penetration-testing-node-js-applicati… *** SAP pushes to patch risky HANA security flaws before hackers strike *** --------------------------------------------- Europes top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms. --------------------------------------------- http://www.reuters.com/article/us-cyber-sap-idUSKBN16L1FH *** JSON Libraries Patched Against Invalid Curve Crypto Attack *** --------------------------------------------- JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. --------------------------------------------- http://threatpost.com/json-libraries-patched-against-invalid-curve-crypto-a… *** Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170315-… *** Vuln: SAP NetWeaver Visual Composer Denial of Service Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96865 *** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates *** --------------------------------------------- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759&actp=RSS *** Vuln: SAP ERP Remote Authorization Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96871 *** Vuln: Trend Micro InterScan Messaging Security CVE-2017-6398 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96859 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: IBM Algo One ARA reports can be accessed by another user *** http://www.ibm.com/support/docview.wss?uid=swg21999754 --------------------------------------------- *** IBM Security Bulletin: A security vulnerability has been identified in IBM Java SDK that affect IBM Security Directory Suite (CVE-2016-5597) October 2016 CPU *** http://www-01.ibm.com/support/docview.wss?uid=swg21994296 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010008 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010007 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010009 --------------------------------------------- *** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840 *** http://www.ibm.com/support/docview.wss?uid=ssg1S1010010 --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology *** http://www.ibm.com/support/docview.wss?uid=swg21999965 --------------------------------------------- *** Cisco Security Advisories *** --------------------------------------------- *** Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Web Security Appliance URL Filtering Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server XML External Entity Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Meshed Wireless LAN Controller Impersonation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco WebEx Meetings Server Authentication Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco UCS Director Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco TelePresence Server API Privilege Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Prime Infrastructure API Credentials Management Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco StarOS SSH Privilege Escalation Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… --------------------------------------------- *** Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability *** https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ---------------------------------------------

1 0

Tageszusammenfassung - Dienstag 14-03-2017
by Daily end-of-shift report 14 Mar '17

14 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Montag 13-03-2017 18:00 − Dienstag 14-03-2017 18:00 Handler: Alexander Riepl Co-Handler: n/a *** Stored XSS in WordPress Core *** --------------------------------------------- As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, .. --------------------------------------------- https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.htm *** DSA-3808 imagemagick - security update *** --------------------------------------------- This update fixes several vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitisingmay result in denial of service or the execution of arbitrary code if malformed TGA, Sun or PSD files are processed. --------------------------------------------- https://www.debian.org/security/2017/dsa-3808 *** VMSA-2017-0004 *** --------------------------------------------- VMware product updates resolve remote code execution vulnerability via Apache Struts 2 --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0004.html *** Hintergrund: Vom Leben und Sterben der 0days *** --------------------------------------------- Viele diskutieren über Zero-Day-Exploits, doch die wenigsten haben je ein lebendiges Exemplar gesehen. Zwei interessante Studien bringen überraschende Erkenntnisse zur Lebenserwartung dieser gefährlichen Spezies. --------------------------------------------- https://heise.de/-3651392 *** Privatsphäre: Verschleiern der MAC-Adresse bei WLAN ist fast nutzlos *** --------------------------------------------- Die eigene MAC-Adresse beim WLAN zu verschleiern, gilt als eine der zentralen Funktionen zum Schutz der Privatsphäre. Auf mobilen Geräten ist dieser Schutz weitgehend nutzlos. --------------------------------------------- https://www.golem.de/news/privatsphaere-verschleiern-der-mac-adresse-bei-wl… *** Security Bulletins posted for Flash Player and Adobe Shockwave Player *** --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB17-07) and Adobe Shockwave Player (APSB17-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1449 *** Betreiber kritischer Infrastruktur erhalten Zugang zu Behörden-Funk *** --------------------------------------------- "Direkter Draht" zu Behörden im Falle eines kompletten "Blackouts" – Innenministerium stellt Funkgeräte .. --------------------------------------------- http://derstandard.at/2000054157780 *** Red Hat Product Security Risk Report 2016 *** --------------------------------------------- At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates .. --------------------------------------------- https://access.redhat.com/blogs/766093/posts/2957221

1 0

Tageszusammenfassung - Montag 13-03-2017
by Daily end-of-shift report 13 Mar '17

13 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Freitag 10-03-2017 18:00 − Montag 13-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Alexander Riepl *** Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products *** --------------------------------------------- On March 6, 2017, Apache disclosed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could allow an attacker to execute commands remotely on the targeted system using a .. --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… *** Bugtraq: [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege *** --------------------------------------------- http://www.securityfocus.com/archive/1/540252 *** Bugtraq: [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass *** --------------------------------------------- http://www.securityfocus.com/archive/1/540251 *** SF9 Realex Magento Module Targeted by Credit Card Scrapers *** --------------------------------------------- Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked .. --------------------------------------------- https://blog.sucuri.net/2017/03/sf9-realex-magento-module-targeted-by-credi… *** Letzter Support-Monat für Windows Vista *** --------------------------------------------- Am 11. April will Microsoft zum letzten Mal Sicherheits-Updates für Windows Vista veröffentlichen. Alle nach diesem Termin gefundenen Lücken bleiben ungefixt. Vista an sich läuft zwar weiter, sollte danach aber besser nicht mehr ans Internet. --------------------------------------------- https://www.heise.de/newsticker/meldung/Letzter-Support-Monat-fuer-Windows-… *** Studie: Viele Webseiten setzen verwundbare JavaScript-Bibliotheken ein *** --------------------------------------------- Sicherheitsforscher haben über 100.000 Domains gescannt und herausgefunden, dass auf fast 40 Prozent veraltete und unsichere JavaScript-Bibliotheken zum Einsatz kommen. --------------------------------------------- https://heise.de/-3650648 *** Security Notice - Statement on Remote Code Execution Vulnerability in Apache Struts2 *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170313-01-… *** Betrügerischer Support der US Software Solutions Inc *** --------------------------------------------- Eine vermeintliche Systembenachrichtigung informiert Nutzer/innen darüber, dass ihr Computer mit Schadsoftware befallen sei. Die US Software Solutions Inc .. --------------------------------------------- https://www.watchlist-internet.at/scamming/betruegerischer-support-der-us-s… *** 13 Google Play Store Apps Caught Stealing Instagram Credentials *** --------------------------------------------- Instagram users are once again the targets of malicious Android apps hosted on the Play Store, apps which steal .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/13-google-play-store-apps-ca… *** IBM Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2017-1151) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21999293 *** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22000120 *** Nintendo Switch: Hacker baut iOS-Exploit um und nutzt Schwachstelle im Browser *** --------------------------------------------- Im Webbrowser der Switch klafft eine Sicherheitslücke, für deren Ausnutzung es bereits Proof-of-Concept-Code gibt. Zudem sind Hacker in den Recovery-Modus der Spielkonsole eingestiegen. --------------------------------------------- https://heise.de/-3650977 *** Vorinstallierte Malware auf Smartphones von LG und Samsung *** --------------------------------------------- Sicherheitsforscher haben Schadsoftware auf neuen Smartphones und Tablets entdeckt. Die Geräte wurden auf dem Vertriebsweg infiziert. --------------------------------------------- https://futurezone.at/digital-life/vorinstallierte-malware-auf-smartphones-…

1 0

Tageszusammenfassung - Freitag 10-03-2017
by Daily end-of-shift report 10 Mar '17

10 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Donnerstag 09-03-2017 18:00 − Freitag 10-03-2017 18:00 Handler: Olaf Schwarz Co-Handler: Stephan Richter *** After CIA leak, Intel Security releases detection tool for EFI rootkits *** --------------------------------------------- Intel Security has released a tool that allows users to check if their computers low-level system firmware has been modified and contains unauthorized code.The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apples Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.The documents from... --------------------------------------------- http://www.cio.com/article/3179345/security/after-cia-leak-intel-security-r… *** Over a Third of Websites Use Outdated and Vulnerable JavaScript Libraries *** --------------------------------------------- More than a third of the websites you visit online may include an outdated JavaScript library thats vulnerable to one or more security flaws. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/over-a-third-of-websites-use… *** Middle East Government organizations hit with RanRan Ransomware *** --------------------------------------------- Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East. --------------------------------------------- http://securityaffairs.co/wordpress/57031/malware/ranran-ransomware.html *** Sicherheit: Tails 2.11 und 3.0 Beta2 freigegeben *** --------------------------------------------- Nur zwei Tage auseinander liegen die Veröffentlichungen von Tails 2.11 und 3.0 Beta. Während 2.11 eine der letzten Aktualisierungen der Distribution auf der Basis von Debian 8 "Jessie" ist, wird Tails 3.0 bei seinem Erscheinen im Juni auf Debian 9 "Stretch" setzen. --------------------------------------------- https://www.golem.de/news/sicherheit-tails-2-11-und-3-0-beta2-freigegeben-1… *** Firefox stellt Support für Windows XP und Vista ein *** --------------------------------------------- Die aktuelle Version 52 des Browsers ist die letzte, die die veralteten Windows-Betriebsysteme unterstützt. --------------------------------------------- https://futurezone.at/produkte/firefox-stellt-support-fuer-windows-xp-und-v… *** How Dutch Police Decrypted BlackBerry PGP Messages For Criminal Investigation *** --------------------------------------------- The Dutch police have managed to decrypt a number of PGP-encrypted messages sent by criminals using their custom security-focused PGP BlackBerry phones and identified several criminals in an ongoing investigation. PGP, or Pretty Good Privacy, an open source end-to-end encryption standard that can be used to cryptographically sign emails, files, documents, or entire disk partitions in order to... --------------------------------------------- https://thehackernews.com/2017/03/decrypt-pgp-encryption.html *** Why the SHA-1 collision means you should stop using the algorithm *** --------------------------------------------- Realistically speaking, if your software or system uses the SHA-1 hashing algorithm, it is unlikely that it will be exploited in the foreseeable future. But it is also extremely difficult to be certain that your system wont be the exception. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/03/why-sha-1-collision-means-yo… *** CryptoBlock ransomware and its C2 *** --------------------------------------------- CryptoBlock is an interesting ransomware to keep an eye on. We expect this to be a ransomware that is in development to eventually develop into a RaaS (Ransomware as a Service).Categories: MalwareThreat analysisTags: CryptoBlockraasransomwareRansomware as a Servicevirustotal(Read more...) --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c… *** DSA-3806 pidgin - security update *** --------------------------------------------- It was discovered a vulnerability in Pidgin, a multi-protocol instantmessaging client. A server controlled by an attacker can send an invalidXML that can trigger an out-of-bound memory access. This might lead to acrash or, in some extreme cases, to remote code execution in theclient-side. --------------------------------------------- https://www.debian.org/security/2017/dsa-3806 *** Schneider Electric ClearSCADA *** --------------------------------------------- This advisory contains mitigation details for an input validation vulnerability in Schneider Electrics ClearSCADA. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01 *** Security Advisory: Apache Struts 2 vulnerability CVE-2017-5638 *** --------------------------------------------- https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43451236.html?… *** NetIQ Privileged User Manager 2.4.1 HF2 (2.4.1-2) *** --------------------------------------------- Abstract: NetIQ Privileged User Manager 2.4.1 Hot Fix 2 (2.4.1.2). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release does not contain new features.Document ID: 5276651Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:netiq-npum-packages-2.4.1-2.tar.gz (139.85 MB)Products:Privileged User Manager 2.4.1Superceded Patches:PUM2.4.1HF... --------------------------------------------- https://download.novell.com/Download?buildid=88wYDI-5uRA~ *** VMware Workstation update addresses multiple security issues *** --------------------------------------------- a. VMware Workstation DLL loading vulnerability b. VMware Workstation SVGA driver vulnerability c. VMware Workstation NULL pointer dereference vulnerability --------------------------------------------- https://www.vmware.com/security/advisories/VMSA-2017-0003.html *** Vuln: F-Secure Anti-Virus CVE-2017-6466 Remote Code Execution Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96784 *** IBM Security Bulletin: Vulnerabilities in Nagios Core affect IBM Pure Power Integrated Manager (PPIM) (CVE-2016-9565, CVE-2016-9566) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=isg3T1024796 *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight (CVE-2016-6816, CVE-2016-8735) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997359 *** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence (CVE-2016-6816, CVE-2016-8735) *** --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg21997358

1 0

Tageszusammenfassung - Donnerstag 9-03-2017
by Daily end-of-shift report 09 Mar '17

09 Mar '17

======================= = End-of-Shift report = ======================= Timeframe: Mittwoch 08-03-2017 18:00 − Donnerstag 09-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a *** Jetzt patchen! Apache Struts 2 im Visier von Hackern *** --------------------------------------------- Derzeit nutzen Angreifer gehäuft eine kritische Sicherheitslücke in dem Framework aus und versuchen so Web-Server zu übernehmen. Neue Versionen und Workarounds schaffen Abhilfe. --------------------------------------------- https://heise.de/-3648065 *** Uncovering cross-process injection with Windows Defender ATP *** --------------------------------------------- Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft... --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-proces… *** #APF17: Call for Papers *** --------------------------------------------- ENISA's Annual Privacy Forum (APF) is to be held in Vienna on the 7th and 8th June 2017, in collaboration with the Law Faculty of the University of Vienna. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/apf17-call-for-papers *** 185.000 unsichere Webcams könnten Hackern private Einblicke gewähren *** --------------------------------------------- Ein Sicherheitsforscher stieß auf kritische Sicherheitslücken in einer chinesischen Webcam. Das Problem ist, viele Hersteller setzen auf die verwendete Software und verkaufen angreifbare Kameras unter ihrer Marke. --------------------------------------------- https://heise.de/-3648458 *** Emsisoft Releases a Decryptor for the CryptON Ransomware *** --------------------------------------------- Yesterday, Emsisofts CTO and malware researcher Fabian Wosar? released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decrypto… *** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro Deep Discovery Email Inspector 2.5.1 *** --------------------------------------------- Trend Micro has released a Critical Patch for Deep Discovery Email Inspector (DDEI) 2.5.1. This Critical Patch resolves multiple vulnerabilities related to the user interface (UI) and authentication. --------------------------------------------- https://success.trendmicro.com/solution/1116750 *** Security Notice - Statement on Security Researcher Revealing XSS Security Vulnerability in Huawei HG658 V2 on Packet Storm Website *** --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170308-01-… *** VU#305448: D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability *** --------------------------------------------- D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected. --------------------------------------------- http://www.kb.cert.org/vuls/id/305448 *** Bugtraq: [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution *** --------------------------------------------- http://www.securityfocus.com/archive/1/540239 *** Bugtraq: [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download *** --------------------------------------------- http://www.securityfocus.com/archive/1/540241 *** Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2016-029Project: Services (third-party module)Version: 7.xDate: 2017-March-08Security risk: 21/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Arbitrary PHP code executionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module accepts user submitted data in PHPs serialization format ("Content-Type: application/vnd.php.serialized") --------------------------------------------- https://www.drupal.org/node/2858847 *** PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030 *** --------------------------------------------- Advisory ID: DRUPAL-SA-CONTRIB-2017-030Project: Password Reset Landing Page (PRLP) (third-party module)Version: 8.xDate: 2017-March-08Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Privilege escalationDescriptionThis module adds a form on the password-reset-landing page to allow changing the password of the user during the log in process.The module does not sufficiently validate all access tokens, which allows an attacker to... --------------------------------------------- https://www.drupal.org/node/2858880 *** Vuln: Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability *** -------------------------------------------- http://www.securityfocus.com/bid/96731 *** Vuln: Apache NiFi CVE-2017-5635 Security Bypass Vulnerability *** --------------------------------------------- http://www.securityfocus.com/bid/96730 *** IBM Security Bulletins *** --------------------------------------------- *** IBM Security Bulletin: Multiple vulnerabilities affect Rational Rhapsody Design Manager with potential for security attacks *** http://www.ibm.com/support/docview.wss?uid=swg21999960 --------------------------------------------- *** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5986) *** http://www-01.ibm.com/support/docview.wss?uid=swg21998463 --------------------------------------------- *** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436) *** http://www.ibm.com/support/docview.wss?uid=swg21999781 --------------------------------------------- *** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360) *** http://www-01.ibm.com/support/docview.wss?uid=swg21996748 ---------------------------------------------

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily