=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 07-02-2017 18:00 − Mittwoch 08-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** As Valve eradicates serious bug in Steam, here's what you need to know ***
---------------------------------------------
Steam, an online game platform with more than 125 million active accounts, is in the process of fixing a serious security hole that opens users to hacks that could redirect them to attack sites, spend their market funds, or possibly make malicious changes to their user profiles.
---------------------------------------------
https://arstechnica.com/security/2017/02/as-valve-eradicates-serious-bug-in…
*** Fileless attacks against enterprise networks ***
---------------------------------------------
This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility as used for tunnelling traffic from the victim's host to the attacker's C2.
---------------------------------------------
http://securelist.com/blog/research/77403/fileless-attacks-against-enterpri…
*** Strategies to Mitigate Cyber Security Incidents ***
---------------------------------------------
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, business email compromise and industrial control systems.
---------------------------------------------
http://www.asd.gov.au/infosec/mitigationstrategies.htm
*** ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability ***
---------------------------------------------
An attacker can exploit the vulnerability to bypass authentication and thereby gain administrator privileges.
---------------------------------------------
http://www.securityfocus.com/archive/1/540100
*** When A Pony Walks Out Of A Pub ***
---------------------------------------------
Talos has observed a small email campaign leveraging the use of Microsoft Publisher files.
...
Unlike other applications within the Microsoft Office suite, Microsoft Publisher does not support a Protected View mode.
...
The file used in this campaign was aimed at infecting the victim with the, well known, Pony malware
---------------------------------------------
http://blog.talosintel.com/2017/02/pony-pub-files.html
*** Multiple Vulnerabilities in Trend Micro Control Manager (TMCM) 6.0 ***
---------------------------------------------
CVSS 2.0 Score(s): 4.0 - 6.8
Severity Rating(s): Medium
Trend Micro has released a new build for Trend Micro Conrol Manager 6.0. This build resolves multiple vulnerabilities related to potential remote code execution, directory traversal, SQL injections, and unauthorized access to XML files.
---------------------------------------------
https://success.trendmicro.com/solution/1116624
*** SAP Security for Beginners Part 5: SAP Risks - Sabotage ***
---------------------------------------------
Sabotage attacks on SAP systems were promised as a today's topic, so, let's look at potential sabotage vectors.
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-beginners-part-5-sap-ris…
*** Sielco Sistemi Winlog SCADA Software ***
---------------------------------------------
This advisory contains mitigation details for an uncontrolled search path vulnerability in Sielco Sistemis Winlog SCADA Software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
*** BD Alaris 8000 Insufficiently Protected Credentials Vulnerability ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an insufficiently protected credentials vulnerability in BD's Alaris 8000 Point of Care unit, which provides a common user interface for programming intravenous infusions.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01
*** BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on January 17, 2017, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for protected credentials vulnerabilities in BD's Alaris 8015 Point of Care unit, which provides a common user interface for programming intravenous infusions.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02
*** BINOM3 Electric Power Quality Meter (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-17-031-01 BINOM3 Electric Power Quality Meter that was published January 31, 2017, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A
*** Citrix NetScaler Nonce Generation Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037795
*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in Emergdata Driver of Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-…
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in Goldeneye Driver of Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-…
---------------------------------------------
*** Security Advisory - MITM Vulnerability in Huawei Vmall APP ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170208-…
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995427
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for Cross-Site Scripting attack (CVE-2016-6055) ***
http://www.ibm.com/support/docview.wss?uid=swg21995515
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack ***
http://www.ibm.com/support/docview.wss?uid=swg21997798
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect IBM Mobile Connect as a product bundler ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989670
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009543
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2016-8858, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012) ***
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 06-02-2017 18:00 − Dienstag 07-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Heute ist es soweit: Es ist Internationaler Safer Internet Day! ***
---------------------------------------------
Der jährliche Aktionstag wurde 2004 von der Europäischen Kommission im Rahmen des Safer Internet-Programms ins Leben gerufen und findet seitdem jeden Februar statt. Mehr als 100 Länder beteiligen sich weltweit am Safer Internet Day, um über die sichere und verantwortungsvolle Internetnutzung aufzuklären. International organisiert das europäische Netzwerk Insafe den Safer Internet Day.
---------------------------------------------
https://www.saferinternet.at/news/news-detail/article/heute-feiern-wir-es-i…
*** DFN-CERT-2017-0216/">Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0216/
*** Got an OpenBSD Web server? Better patch it ***
---------------------------------------------
DoS-able bugs splatted OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/07/got_an_open…
*** Vuln: PEAR HTML_AJAX CVE-2017-5677 PHP Object Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96044
*** New Attack, Old Tricks ***
---------------------------------------------
A Word document targets Mac users with malicious macros and an open-source payload.
---------------------------------------------
https://objective-see.com/blog/blog_0x17.html
*** Citrix License Server for Windows and License Server VPX CVE-2017-5571 Open Redirect Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96028/discuss
*** DFN-CERT-2017-0217/">BlackBerry powered by Android: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0217/
*** [2017-02-07] Multiple vulnerabilities in JUNG Smart Visu server ***
---------------------------------------------
Attackers can dump password hashes and other available data from the operating system of the JUNG Smart Visu Server. An attacker is able to access and control all Smart Visu server installation if he is able to crack the hashes. The group address password can be removed by using a single PUT request.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021845
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation ***
http://www.ibm.com/support/docview.wss?uid=swg21997654
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) Configuration tool ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024798
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021846
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability in OpenSSL affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ***
http://www.ibm.com/support/docview.wss?uid=swg21997056
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2016-5597, CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997784
---------------------------------------------
*** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5883) ***
http://www.ibm.com/support/docview.wss?uid=swg21997010
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cisco Switches and Directors. ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009663
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization ***
http://www.ibm.com/support/docview.wss?uid=swg21982291
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect multiple N series products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009687
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 03-02-2017 18:00 − Montag 06-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Vuln: Barracuda NextGen Firewal F-Series Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96000
*** Vuln: Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/96001
*** Honeywell SCADA Controllers Exposed Passwords in Clear Text ***
---------------------------------------------
A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems.
---------------------------------------------
http://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clea…
*** [remote] - Netwave IP Camera - Password Disclosure ***
---------------------------------------------
https://www.exploit-db.com/exploits/41236/?rss
*** Security Advisory: Apache vulnerability CVE-2016-8743 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00373024.html?…
*** Security Advisory: OpenSSL vulnerability CVE-2016-7055 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43570545.html?…
*** [SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features ***
---------------------------------------------
I published the following diary on isc.sans.org: "Detecting Undisclosed Vulnerabilities with Security Tools & Features". I'm a big fan of OSSEC. This tools is an open source HIDS and log management tool. Although often considered as the "SIEM of the poor", it integrates a lot of interesting features and is fully configurable ...
---------------------------------------------
https://blog.rootshell.be/2017/02/04/sans-isc-diary-detecting-undisclosed-v…
*** Kodi-Erweiterung machte Anwender zu Botnetz-Zellen ***
---------------------------------------------
Anwender des Plug-ins "Exodus" für das Media-Center Kodi wurden zu unfreiwilligen Teilnehmern eines Botnets, das gezielte DDoS-Angriffe fuhr. Deren Ziel: Websites von Konkurrenten.
---------------------------------------------
https://heise.de/-3617777
*** NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace ***
---------------------------------------------
NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE) has published "Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations." Its world launch will be in Washington DC, February 8 at The Atlantic Council; followed by Europe at The Hague, February 13; and Tallinn, February 17.
---------------------------------------------
http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manu…
*** Slammer worm slithers back online to attack ancient SQL servers ***
---------------------------------------------
If you get taken down by this 13-year-old malware, you probably deserve it One of the worlds most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/05/sql_slammer…
*** Microsofts DRM can expose Windows-on-Tor users IP address ***
---------------------------------------------
Anonymity-lovers best not watch movies as .WMV files Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsofts DRM system.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/06/microsoft_d…
*** Bugtraq: ZoneMinder - multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540093
*** Anbieter des WordPress-Plugin BlogVault gehackt ***
---------------------------------------------
Hacker haben bei einem Server-Einbruch Daten von BlogVault-Nutzern abgezogen. Anschließend sollen einige Webseiten, die auf das Plugin setzen, mit Malware infiziert worden sein, warnt der Anbieter.
---------------------------------------------
https://heise.de/-3618141
*** Lurk: Retracing the Group's Five-Year Campaign ***
---------------------------------------------
Fileless infections are exactly what their namesake says: theyre infections that dont involve malicious files being downloaded or written to the system's disk. While fileless infections are not necessarily new or rare, it presents a serious threat to enterprises and end users given its capability to gain privileges and persist in the system of interest to an attacker - all while staying under the radar.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/
*** Überwachungsfirma Cellebrite: Hacker veröffentlicht iPhone-Cracking-Tools ***
---------------------------------------------
Wenn Software zum Knacken von Smartphones existiert, dann gelangt diese auch in die Hände Dritter, erklärt der Hacker, der die angeblich von einer Überwachungsfirma stammenden Tools veröffentlicht hat. Ähnlich argumentierte zuletzt auch Apple.
---------------------------------------------
https://heise.de/-3618462
*** Hacker hijacks thousands of publicly exposed printers to warn owners ***
---------------------------------------------
Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.
---------------------------------------------
http://www.cio.com/article/3166048/security/hacker-hijacks-thousands-of-pub…
*** ENISA: Challenges of security certification in emerging ICT environments ***
---------------------------------------------
ENISA issues today its report on the Challenges of security certification in emerging ICT environments. The report is targeted at EU Member States (MS), the Commission, certification bodies and the private sector, and provides a thorough description of the cyber security certification status concerning the most critical equipment in various critical business sectors.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/challenges-of-security-certific…
*** Chrome 57 [...] will no longer trust any StartSSL/Wosign issued certificates [...] ***
---------------------------------------------
Previous communication from Google (https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html) had read as though it would only be certificates issued since October 21, 2016 wouldnt be trusted. It then went onto say that it may not trust other certificates but didnt really say what that meant.
---------------------------------------------
https://forums.whirlpool.net.au/forum-replies.cfm?t=2605051
*** Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure ***
---------------------------------------------
The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong.
---------------------------------------------
https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securi…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021796
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation ***
http://www.ibm.com/support/docview.wss?uid=swg21993091
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998167
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 02-02-2017 18:00 − Freitag 03-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** How Google fought back against a crippling IoT-powered botnet and won ***
---------------------------------------------
Behind the scenes defending KrebsOnSecurity against record-setting DDoS attacks.
---------------------------------------------
https://arstechnica.com/security/2017/02/how-google-fought-back-against-a-c…
*** Improved scripts in .lnk files now deliver Kovter in addition to Locky ***
---------------------------------------------
Cybercriminals are using a combination of improved script and well-maintained download sites in trying to install Locky and Kovter on more computers. A few ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/02/02/improved-scripts-in-lnk…
*** Underground Scams: Cutting the Head Off a Snake ***
---------------------------------------------
Shortly after publishing our post about Terror EK, "King Cobra" (a Twitter account that we mentioned ..
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Underground-Scams--Cutting-t…
*** Cisco - Issue with Clock Signal Component ***
---------------------------------------------
One of our readers, Dalibor Cerar, sent us an email about an issue impacting Cisco...at this point. While its a hardware issue, the result if it occurs is a self inflicted Denial of Service. Cisco released a notice on February 2 that some of ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22033&rss
*** G-Suite: Google bringt S/MIME für Enterprise-Gmail ***
---------------------------------------------
Google hat ein umfangreiches Update für die Enterprise-Version seiner G-Suite angekündigt: Mit dabei sind verpflichtende Hardwareschlüssel, S/MIME für Gmail und erweiterte Funktionen, um Datenverlust zu verhindern.
---------------------------------------------
https://www.golem.de/news/enterprise-die-google-suite-soll-sicherer-werden-…
*** Hacker veröffentlichen gestohlene Cellebrite-Software ***
---------------------------------------------
Programme, die von den israelischen Sicherheitsexperten von Cellebrite zum Knacken von Smartphones genutzt werden, wurden nun veröffentlicht.
---------------------------------------------
https://futurezone.at/digital-life/hacker-veroeffentlichen-gestohlene-celle…
*** Rechnung in ZIP-Datei ist Schadsoftware ***
---------------------------------------------
In ihrem E-Mailpostfach finden Internet-Nutzer/innen eine Nachricht mit dem Betreff „Rechnung Nr. xxxxx“. Darin heißt es, dass die Empfänger/innen das beigefügte Dokument als ..
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/rechnung-in-zip-da…
*** The power of sharing: ENISA report on cyber security information sharing in the energy sector ***
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/the-power-of-sharing-enisa-repo…
*** Someone Tried to Resurrect 14-Year-Old SQL Slammer Worm ***
---------------------------------------------
For a week in November and December 2016, someone tried to resurrect the 14-year-old SQL Slammer worm, ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/someone-tried-to-resurrect-1…
*** Patch-Tag für Jenkins ***
---------------------------------------------
Aktuelle Versionen beseitigen insgesamt 19 Security-Probleme in Jenkins, von denen eines als schwerwiegend eingestuft ist.
---------------------------------------------
https://heise.de/-3617535
*** SQL-Injection-Lücke in McAfee ePolicy Orchestrator ***
---------------------------------------------
McAfees Lösung für zentrales Security-Management in Firmen und Konzernen weist selbst ein schwerwiegendes Sicherheitsproblem auf. Ein Hotfix des Herstellers sorgt für Abhilfe.
---------------------------------------------
https://heise.de/-3617503
*** Kritische Lücke in Microsoft Windows ermöglicht DoS / Remote Code Execution via SMB - noch keine Updates verfügbar ***
---------------------------------------------
Im SMB-Code von Microsoft Windows wurde eine Schwachstelle entdeckt, die im harmlosesten Fall einen Absturz des Betriebsystems zur Folge haben kann, im schlimmsten Fall sogar Remote Code Execution erlaubt.
---------------------------------------------
https://cert.at/warnings/all/20170203.html
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 01-02-2017 18:00 − Donnerstag 02-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** DSA-3780 ntfs-3g - security update ***
---------------------------------------------
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-writeNTFS driver for FUSE, does not scrub the environment before executingmodprobe with elevated privileges. A local user ..
---------------------------------------------
https://www.debian.org/security/2017/dsa-3780
*** Netherlands reverts to hand-counted votes to quell security fears ***
---------------------------------------------
Windows XP? SHA-1? USB sneakernet? What were they thinking? Or smoking? The Netherlands has decided its vote-counting software isnt ready for prime time, and will revert to ..
---------------------------------------------
www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes…
*** Extrem kritische Lücke in Ciscos Prime Home könnte unzählige Router gefährden ***
---------------------------------------------
Internet- und Service-Anbieter sollten zügig ein Sicherheitsupdate für Cisco Prime Home installieren. Angreifer könnten Geräte mit wenig Aufwand missbrauchen und von da aus Router von Kunden übernehmen.
---------------------------------------------
https://heise.de/-3615465
*** Gmail Drops Support for Windows XP and Vista Users on Chrome ***
---------------------------------------------
Google says that starting with February 8, Chrome users will have to use version 54 or 55 (current) if they want to access their Gmail accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/gmail-drops-support-for-wind…
*** DDoS attacks in Q4 2016 ***
---------------------------------------------
2016 was the year of Distributed Denial of Service (DDoS) with major disruptions in terms of technology, ..
---------------------------------------------
http://securelist.com/analysis/quarterly-malware-reports/77412/ddos-attacks…
*** Jugendliche gehen schludrig mit Passwörtern um ***
---------------------------------------------
Der Sicherheitsbewusstsein von österreichischen Jugendlichen und Unter-30-Jährigen ist schlecht ausgeprägt. Jeder Zweite hat sein Passwort schon einmal weitergegeben.
---------------------------------------------
https://futurezone.at/digital-life/jugendliche-gehen-schludrig-mit-passwoer…
*** Security: Der Secret Service gibt Tipps für Rechenzentrumsbetreiber ***
---------------------------------------------
Ein Rechenzentrum behandeln wie das Weiße Haus? Diesen Tipp gab ein ehemaliger Mitarbeiter des Secret ..
---------------------------------------------
http://www.golem.de/news/security-der-secret-service-gibt-tipps-fuer-rechen…
*** KopiLuwak: A New JavaScript Payload from Turla ***
---------------------------------------------
A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.
---------------------------------------------
http://securelist.com/blog/research/77429/kopiluwak-a-new-javascript-payloa…
*** Hackerangriff auf Tschechiens Außenamt offenbar größer als gedacht ***
---------------------------------------------
http://derstandard.at/2000052006680
*** Panne bei Handysignatur: Dokumentenname einsehbar ***
---------------------------------------------
Laut "Die Presse" waren 14 Stunden lang der Name aller unterzeichneten Dokumente abrufbar
---------------------------------------------
http://derstandard.at/2000052007651
*** Microsoft Windows SMB Tree Connect Response memory corruption vulnerability ***
---------------------------------------------
Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system.
---------------------------------------------
http://www.kb.cert.org/vuls/id/867968
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 31-01-2017 18:00 − Mittwoch 01-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** BINOM3 Electric Power Quality Meter ***
---------------------------------------------
This advisory contains mitigation details for vulnerabilities in BINOM3s electric power quality meter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01
*** Ecava IntegraXor ***
---------------------------------------------
This advisory contains mitigation details for an SQL injection vulnerability in the Ecava IntegraXor web server.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02
*** "Ändere-dein-Passwort-Tag": Pro und Contra Passwortwechsel ***
---------------------------------------------
Ist es sinnvoll, sein Passwort regelmäßig und vorsichtshalber zu ändern? Was in einigen Firmen verpflichtent ist, ist in Security-Kreisen umstritten. Unter Umständen kann das sogar kontraproduktiv sein.
---------------------------------------------
https://heise.de/-3613327
*** Cerber tops Windows 10 ransomware charts ***
---------------------------------------------
Crims aimed for a Christmas Number One and scored Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.…
---------------------------------------------
www.theregister.co.uk/2017/02/01/cerber_windows_10/
*** We need to talk about Granny: Shes way more likely to fall for phishing ***
---------------------------------------------
If you want to catch as many people as you can, go for the old legal razzle dazzle Usenix Enigma 2017 Research has shown that older people – particularly older ..
---------------------------------------------
www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/
*** Quick Analysis of Data Left Available by Attackers, (Wed, Feb 1st) ***
---------------------------------------------
While hunting for interesting cases, I found the following phishing email mimicking an UPS delivery notification: When you click on the link, you are redirected to the ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22015
*** Popular PlayStation and Xbox Gaming Forums Hacked; 2.5 Million Users Data Leaked ***
---------------------------------------------
Do you own an account on one of the two hugely popular PlayStation and Xbox gaming forums? Your details may have been exposed, as it has been revealed that the two ..
---------------------------------------------
http://thehackernews.com/2017/01/gaming-forum-hacking.html
*** Nächstes Hacker-Ziel: Ihr Hirn ***
---------------------------------------------
Neue Gehirn-Computer-Schnittstellen bringen die Gefahr von Hirn-Malware mit sich. Was wie eine Postillon-Schlagzeile klingt, beschäftigt ernsthafte Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3613672
*** Hacker Phineas Fisher dementiert, verhaftet worden zu sein ***
---------------------------------------------
Katalanische Behörden hatten nach Hausdurchsuchungen mehrere Personen festgenommen
---------------------------------------------
http://derstandard.at/2000051907276
*** Insiderhandel: Mitarbeiter verkaufen Firmengeheimnisse im Darknet ***
---------------------------------------------
Auf illegalen Online-Marktplätzen werden derzeit offenbar gezielt Insider angeworben, um mit deren Informationen kriminelle Geschäfte zu ermöglichen. Die Bandbreite ..
---------------------------------------------
http://www.golem.de/news/insiderhandel-mitarbeiter-verkaufen-firmengeheimni…
*** Hacker One: Die Sicherheitslücken der US-Armee ***
---------------------------------------------
Sicherheitsforscher hatten einen Monat Zeit, um die US-Armee zu hacken. 118 Sicherheitslücken wurden gefunden und beseitigt. Eine davon ermöglichte den Zugriff auf ein ..
---------------------------------------------
http://www.golem.de/news/hacker-one-die-sicherheitsluecken-der-us-armee-170…
*** Cisco Prime Home Authentication Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** Disclosure of Additional Security Fix in WordPress 4.7.2 ***
---------------------------------------------
WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately. In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional ..
---------------------------------------------
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-securit…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 30-01-2017 18:00 − Dienstag 31-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Printer Security ***
---------------------------------------------
TL;DR: In this blog post we give an overview of attack scenarios based on network printers, and show the possibilities of an attacker who has access to a vulnerable printer. We present our evaluation of 20 different printer models and show that each of ..
---------------------------------------------
https://web-in-security.blogspot.co.at/2017/01/printer-security.html
*** CVE-2017-5521: Bypassing Authentication on NETGEAR Routers ***
---------------------------------------------
Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers, ..
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521--Bypassin…
*** Erpressungs-Trojaner Sage nutzt Bleeding-Edge-Krypto-Funktionen ***
---------------------------------------------
Eine neue Ransomware-Familie orientiert sich bei der Verschlüsselung mit Curve25519 und ChaCha20 am oberen Ende des derzeit zur Verfügung stehenden Repertoires von Krypto-Funktionen.
---------------------------------------------
https://heise.de/-3610664
*** DSA-3776 chromium-browser - security update ***
---------------------------------------------
https://www.debian.org/security/2017/dsa-3776
*** HTTPS: Das halbe Web ist nun verschlüsselt ***
---------------------------------------------
Verschlüsselter Traffic überholt laut Mozilla unverschlüsselte Verbindungen – Anstieg um zehn Prozent in einem Jahr
---------------------------------------------
http://derstandard.at/2000051841631
*** We see you, ransomware flingers, testing out your baddest stuff on... Germany? ***
---------------------------------------------
Securobods file data hostage report A security firm has floated the theory that malware authors are using German firms as a testing ground for their wares prior to wider distribution.
---------------------------------------------
www.theregister.co.uk/2017/01/31/ransomware_sitrep_report/
*** Google zahlte letztes Jahr drei Millionen Dollar an Sicherheitsforscher ***
---------------------------------------------
Mehr als je zuvor im Bug-Bounty-Programm – Je Fast eine Million für Android- und Chrome-Bugs
---------------------------------------------
http://derstandard.at/2000051858649
*** Sicherheitsupdate: Angreifer könnten Sophos Web Appliance über Kommandozeile entern ***
---------------------------------------------
Wer sein Netzwerk mit der Web Appliance von Sophos abschottet, sollte zügig prüfen, ob die aktuelle Software in Version 4.3.1 schon verfügbar ist. Diese Ausgabe schließt zwei Sicherheitslücken.
---------------------------------------------
https://heise.de/-3612070
*** Sophisticated cyber attacks increase, while overall volume falls ***
---------------------------------------------
NTT quarterly report highlights rise in sophistication but 35 per cent drop in overall attack volumes in Q4 2016
---------------------------------------------
https://www.htbridge.com/blog/sophisticated-cyber-attacks-increase-while-ov…
*** Viele Lücken in tcpdump – Bedrohungen noch nicht in Gänze geklärt ***
---------------------------------------------
Die aktuelle Version des Netzwerk-Sniffers rüstet sich gegen zahlreiche Schwachstellen, ist aber noch nicht überall verfügbar.
---------------------------------------------
https://heise.de/-3612240
*** Tschechische Regierung meldet Hackerangriff auf E-Mail-Konten ***
---------------------------------------------
Experten sollen Parallelen zu Hackerangriff auf Demokratische Partei in den USA vergangenes Jahr sehen
---------------------------------------------
http://derstandard.at/2000051866541-406
*** Nested, Targeted Attacks Built for Reconnaissance ***
---------------------------------------------
Researchers say NATO members were targeted for reconnaissance over the holidays by attacks using malicious OLE objects.
---------------------------------------------
http://threatpost.com/nested-targeted-attacks-built-for-reconnaissance/1234…
*** Usenix Enigma: Mit Sensorenmanipulation das Internet of Things verwirren ***
---------------------------------------------
Autonome Systeme verlassen sich auf Sensoren, um ihre Umwelt zu verstehen. Ein Wissenschaftler hat auf der Sicherheitskonferenz Usenix Enigma demonstriert, wie sich ..
---------------------------------------------
http://www.golem.de/news/usenix-enigma-mit-sensorenmanipulation-das-interne…
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 27-01-2017 18:00 − Montag 30-01-2017 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Dridex Returns With Windows UAC Bypass Method ***
---------------------------------------------
Dridex banking malware returns with a new bypass technique that allows the malware to execute without triggering a Windows UAC alert to the user.
---------------------------------------------
http://threatpost.com/dridex-returns-with-windows-uac-bypass-method/123420/
*** What Keeps My Honeypot Busy These Days, (Fri, Jan 27th) ***
---------------------------------------------
Sometimes, it isnt the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go that works?. Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that became big news when the Mirai botnet adopted it. Since then, most of the servers that hosted the follow-up code no longer deliver. But this doesnt prevent thousands of existing bots to persistently attempt the exploit. In...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21995&rss
*** ATM "Shimmers" Target Chip-Based Cards ***
---------------------------------------------
Several readers have called attention to warnings coming out of Canada about a supposed new form of ATM skimming called "shimming." Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Heres a brief primer on shimming attacks, and why they succeed.
---------------------------------------------
https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/
*** Request for Packets and Logs - TCP 5358, (Sat, Jan 28th) ***
---------------------------------------------
pStarting Sunday (22 Jan 17), there was a huge spike this week against TCP 5358. If anyone has logs or packets (traffic) that might help identify what it is can submit them via our a href="https://isc.sans.edu/contact.html"contact/a page would be appreciated. This is a snapshot as to what was reported so far this week in DShield./p p width:500px" //p p[1] https://isc.sans.edu/contact.html/p p-----------br / Guy Bruneau a href="http://www.ipss.ca/"IPSS Inc./abr /
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21997&rss
*** Adblock Plus: Staatsanwaltschaft durchsucht Werbeblocker-Anbieter Eyeo ***
---------------------------------------------
Der Kölner Adblocker-Anbieter Eyeo hat nun auch Ärger mit der Justiz. Hintergrund dürfte der Streit über die Frage sein, wer für die Erstellung von Filterregeln in der Easylist verantwortlich ist.
---------------------------------------------
http://www.golem.de/news/adblock-plus-staatsanwaltschaft-durchsucht-werbebl…
*** XSender: The Source of All the Recent XMPP Spam ***
---------------------------------------------
In recent months, security researchers, hackers, and other dwellers of the cyber-criminal underground have noticed an uptick in XMPP (formerly Jabber) spam. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/xsender-the-source-of-all-th…
*** Facebook: Sicheres Einloggen per USB-Stick ***
---------------------------------------------
Die Zwei-Faktor-Authentifizierung bei Facebook kann nun auch per Fido-USB-Sticks oder NFC-Tags erfolgen.
---------------------------------------------
https://futurezone.at/digital-life/facebook-sicheres-einloggen-per-usb-stic…
*** A Shakeup in Russia's Top Cybercrime Unit ***
---------------------------------------------
A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russias top cybercrime...
---------------------------------------------
https://krebsonsecurity.com/2017/01/a-shakeup-in-russias-top-cybercrime-uni…
*** Überwachungskameras von Washington DC mit Ransomware infiziert ***
---------------------------------------------
Nur acht Tage vor Trumps Angelobung wurde das Netzwerk der Überwachungskameras in der US-Hauptstadt angegriffen und teilweise lahmgelegt.
---------------------------------------------
https://futurezone.at/digital-life/ueberwachungskameras-von-washington-dc-m…
*** Google auf dem Weg zur unabhängigen Root-CA ***
---------------------------------------------
Künftig will das Unternehmen über den Google Trust Service eigene SSL-/TLS-Zertifikate ausstellen. Diese sollen bei Google-Diensten und Angeboten des Google-Mutterkonzerns Alphabet zum Einsatz kommen.
---------------------------------------------
https://heise.de/-3610041
*** Averting ransomware epidemics in corporate networks with Windows Defender ATP ***
---------------------------------------------
Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epi…
*** Kritische Lücke in WebEx: Cisco stellt offensichtlich finale Sicherheitsupdates bereit ***
---------------------------------------------
Nach mehreren vermeintlich abgesicherten Version von WebEx hat Cisco nun eigenen Angaben zufolge vollwertige Sicherheitsupdates veröffentlicht. Einige Unklarheiten bleiben aber.
---------------------------------------------
https://heise.de/-3610749
*** [2017-01-30] XSS and CSRF vulnerabiliies in multiple Ubiquiti Networks products ***
---------------------------------------------
Many products of Ubiquiti Networks are affected by a cross site scripting vulnerability. Malicious JavaScript code can be executed in the browser of the user. Furthermore, different actions on the system can be triggered by CSRF attacks.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of a security vulnerability in the public version of ASP.NET Core MVC 1.1.0 where a malformed HTTP request could lead to a denial of service.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/4010983
*** Cryptkeeper Sets the same password "p" for everything independently of user input ***
---------------------------------------------
https://www.reddit.com/r/netsec/comments/5r16na/cryptkeeper_sets_the_same_p…
*** DSA-3775 tcpdump - security update ***
---------------------------------------------
Multiple vulnerabilities have been discovered in tcpdump, a command-linenetwork traffic analyzer. These vulnerabilities might result in denialof service or the execution of arbitrary code.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3775
*** TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities ***
---------------------------------------------
The administration interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the redirect_url GET parameter is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted...
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5393.php
*** Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF ***
---------------------------------------------
SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a users browser session. The WAF was bypassed via form-based CSRF.
---------------------------------------------
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5392.php
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2016-2126, 2016-2125) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009714
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SSL affects IBM DataPower Gateways (CVE-2016-8610) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997209
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21997764
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 26-01-2017 18:00 − Freitag 27-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Zbot with legitimate applications on board ***
---------------------------------------------
Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/01/zbot-with-legitimate-appli…
*** Phishers unleash simple but effective social engineering techniques using PDF attachments ***
---------------------------------------------
The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg. We're seeing similarly simple but clever social engineering tactics using PDF attachments. These deceitful PDF attachments are being used in email phishing attacks that attempt to steal your email credentials. Apparently, the...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/26/phishers-unleash-simple…
*** Hintergrund: So hacken Maschinen ***
---------------------------------------------
Team Shellphish war einer der Teilnehmer der Cyber Grand Challenge der DARPA; jetzt beschreiben sie ihren Mechanical Phish und dessen Strategie.
---------------------------------------------
https://heise.de/-3608169
*** Bezahlung oder Kontosperre: Nationalbank warnt vor Telefonbetrug ***
---------------------------------------------
Unbekannte fälschen Telefonnummer von Bank und Anwalt, um Opfer unter Druck zu setzen
---------------------------------------------
http://derstandard.at/2000051638010
*** Security for Privacy on Data Protection Day ***
---------------------------------------------
On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/security-for-privacy-on-data-pr…
*** Sicherheitsupdate: Entwickler von TigerVNC raten zur zügigen Aktualisierung ***
---------------------------------------------
Durch das Ausnutzen einer Lücke könnten Angreifer im Zuge einer Virtual-Network-Computing Session Clients kapern.
---------------------------------------------
https://heise.de/-3609051
*** Cisco starts patching critical flaw in WebEx browser extension ***
---------------------------------------------
Cisco Systems has started to patch a critical vulnerability in its WebEx collaboration and conferencing browser extension that could allow attackers to remotely execute malicious code on computers.The company released a patched version of the extension -- 1.0.7 -- for Google Chrome on Thursday and is working on similar patches for the Internet Explorer and Mozilla Firefox versions.The vulnerability was found by Google security researcher Tavis Ormandy and stemmed from the fact that the WebEx...
---------------------------------------------
http://www.cio.com/article/3162014/security/cisco-starts-patching-critical-…
*** Heartbleed: (Almost) three years later ***
---------------------------------------------
Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets. I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are based on the list of domains under the Austrian ccTLD .at. We published a first report on these results in the summer of 2014. Were close to the three...
---------------------------------------------
http://www.cert.at/services/blog/20170127160051-1894_en.html
*** Security Advisory: OpenSSH vulnerability CVE-2016-10011 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/24/sol24324390.html?…
*** IDM 4.5 Midrange BiDirectional Driver 201611271513 ***
---------------------------------------------
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.5 or higher. Driver version will show i5os Driver Version 4.5 Build Date 201611271513.To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)This patch also requires the driver activation from IDM 4.5Document ID: 5271130Security Alert: YesDistribution Type: Field Test FileEntitlement Required: NoFiles:idm45midrange20161127.tar.gz (47.54 MB)Products:Identity Manager 4.0.2Identity...
---------------------------------------------
https://download.novell.com/Download?buildid=lY8lK_WKOeQ~
*** Bugtraq: ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540060
*** Vuln: EMC PowerPath Virtual (Management) Appliance CVE-2016-0890 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95832
*** Eaton ePDU Path Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in certain legacy Eaton ePDUs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01
*** Belden Hirschmann GECKO ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in Beldens Hirschmann GECKO switch.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02
*** RSA Web Threat Detection Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037726
*** Vuln: Terminal Services Agent CVE-2017-5328 Spoofing Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95823
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2016-5554, CVE-2016-5542) ***
http://www.ibm.com/support/docview.wss?uid=swg21994101
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Networking Switch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099533
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Flex System Networking Switch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099505
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM System Networking RackSwitch products (CVE-2016-2183) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099506
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 25-01-2017 18:00 − Donnerstag 26-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** VirLocker's comeback; including recovery instructions ***
---------------------------------------------
Virlocker is back, the nightmare is still real. But we have found a way to at least recover your important files even if the affected machine can be considered a loss.Categories: Malware Threat analysisTags: file infectingfile recoverymalwarepolymorphicransomwareself propagatingVirLockVirlocker(Read more...)
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-i…
*** Cisco WebEx code execution hole - what you need to know ***
---------------------------------------------
Googles Project Zero found a serious hole in Ciscos WebEx browser extension that is nearly but not yet fully fixed. Heres what to do.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/XBY4vnKgI4U/
*** Powerful Android RAT impersonates Netflix app ***
---------------------------------------------
Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers. The fake app looks genuine at first glance, as it sports the same icon the actual legitimate Netflix app uses. But once it is installed on a smartphone or tablet and the victim clicks on it, it vanishes from...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/android-rat-netflix-app/
*** Android VPN Apps Caught Intercepting Traffic, Failing to Encrypt ***
---------------------------------------------
New research released this week reveals that a large chunk of today Android VPN clients are a serious security and privacy risk, with some clients failing to encrypt traffic, and some even injecting ads in a customers browsing experience. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-vpn-apps-caught-inte…
*** Shamoon disk-wiping attackers can now destroy virtual desktops, too ***
---------------------------------------------
Mystery malware begins targeting a key disk-wiping defense.
---------------------------------------------
https://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-no…
*** Analysis of new Shamoon infections ***
---------------------------------------------
All of the initial analysis pointed to Shamoon emerging in the Middle East. This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector.
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/shamoon-infections/
*** Gefälschte A1-Phishingmail: Neue Messaging-Plattform ***
---------------------------------------------
Kriminelle versenden eine gefälschte A1 Online-Nachricht. Sie hat das Betreff "Maßnahme erforderlich: Neue Messaging-Plattform" und fordert von Empfänger/innen, dass sie ihre Zugangsdaten auf einer Website bekannt geben.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-a1-phishingmail-neue…
*** OpenSSL Security Advisory [26 Jan 2017] ***
---------------------------------------------
Truncated packet could crash via OOB read (CVE-2017-3731) Bad (EC)DHE parameters cause a client crash (CVE-2017-3730) BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) Montgomery multiplication may produce incorrect results (CVE-2016-7055) Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
---------------------------------------------
https://www.openssl.org/news/secadv/20170126.txt
*** DFN-CERT-2017-0154: Red Hat JBoss Core Services: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0154/
*** IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability ***
---------------------------------------------
CVE-2016-10142 kernel - IPV6 fragmentation flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1415908
---------------------------------------------
Generation of IPv6 Atomic Fragments Considered Harmful
https://tools.ietf.org/html/rfc8021
---------------------------------------------
http://www.securityfocus.com/bid/95797/
*** Security Advisory: TMM vulnerability CVE-2016-9249 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71282001.html?…
*** Bugtraq: ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540050
*** Vuln: Multiple TIBCO Products CVE-2017-3180 Multiple Unspecified Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95699
*** Vuln: Autodesk FBX-SDK CVE-2016-9307 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95802
*** Vuln: Autodesk FBX-SDK CVE-2016-9304 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95799
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 ) ***
---------------------------------------------
Multiple vulnerabilities have been identified in the IBM Websphere Application Server (WAS) that is embedded in IBM FSM. This update addresses these issues. CVE(s): CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 Affected product(s) and affected version(s): Flex System Manager 1.3.4.0 Flex System Manager 1.3.3.0 Flex System Manager 1.3.2.1 Flex System Manager 1.3.2.0 Refer to the following reference URLs for...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024555
*** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities ***
---------------------------------------------
IBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries CVE(s): CVE-2014-3574, CVE-2014-3529, CVE-2016-5000 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6 Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997296
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
---------------------------------------------
There are multiple vulnerabilities in IBM Runtime Environment Java Version 1.5 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in January and April 2016. This Bulletin addresses these vulnerabilities. CVE(s): CVE-2015-7575, CVE-2016-0448, CVE-2016-0475, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-0264, CVE-2016-3426 Affected product(s) and affected version(s): Flex...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024558