=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 01-03-2017 18:00 − Thursday 02-03-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Kaspersky Releases Decryptor for the Dharma Ransomware ***
---------------------------------------------
Kaspersky has tested a set of Dharma master decryption keys posted to BleepingComputer and has confirmed they are legitimate. These keys have been included in their RakhniDecryptor, which I have tested against a Dharma infection. The decryptor worked flawlessly! [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/kaspersky-releases-decryptor…
*** The Story of an Expired WHOIS Server ***
---------------------------------------------
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with "WHOIS", it is a protocol used to check who owns a specific domain name. These simple text records are publicly available and usually contain contact details for the website owner, i.e. their name, address, and phone number (unless the website owner purchased a WHOIS...
---------------------------------------------
https://blog.sucuri.net/2017/03/story-expired-whois-server.html
*** Infected Apps in Google Play Store (it's not what you think), (Thu, Mar 2nd) ***
---------------------------------------------
Xavier pointed me towards a new issue posted on Palo Alto's Unit 42 blog - the folks at PA found apps in the Google Play store infected with hidden-iframe type malware. 132 apps (so far) are affected, with the most popular one seeing roughly 10,000 downloads. But we're not at the end of the trail of breadcrumbs yet .. these apps were traced back to just 7 developers, who aren't in the same company, but all have a connection to Indonesia (the smoking gun here was the code signing certificate). But...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22139&rss
*** Researcher Breaks reCAPTCHA Using Google's Speech Recognition API ***
---------------------------------------------
A researcher has discovered what he calls a "logic vulnerability" that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/researcher-breaks-recaptcha-…
*** Crypt0L0cker Ransomware is Back with Campaigns Targeting Europe ***
---------------------------------------------
Crypt0L0cker, otherwise known as TorrentLocker, has started to make a resurgence, running targeted campaigns against European countries. These attacks are also now using Italy's PEC system to digitally sign spam emails in order to make them look more official. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/crypt0l0cker-ransomware-is-b…
*** Security Advisory - Buffer Overflow Vulnerability in the Boot Loaders of Huawei Mobile Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170302-…
*** DSA-3799 imagemagick - security update ***
---------------------------------------------
This update fixes several vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, IPL, MPC or PSB files are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3799
*** AES - Critical - Unsupported - SA-CONTRIB-2017-027 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-027
Project: AES encryption (third-party module)
Version: 7.x, 8.x
Date: 2017-March-01
Description: This module provides an API that allows other modules to encrypt and decrypt data using the AES encryption algorithm. The module does not follow requirements for encrypting data safely. An attacker who gains access to data encrypted with this module could decrypt it more easily than should be possible. The maintainer has opted not to fix these weaknesses. See solution...
---------------------------------------------
https://www.drupal.org/node/2857028
*** Remember Me - Critical - Unsupported - SA-CONTRIB-2017-025 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-025
Project: Remember Me (third-party module)
Version: 7.x
Date: 2017-March-01
Description: Remember me is a module that allows users to check "Remember me" when logging in. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
CVE identifier(s) issued: A CVE identifier will...
---------------------------------------------
https://www.drupal.org/node/2857015
*** Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-028
Project: breakpoint panels (third-party module)
Version: 7.x
Date: 2017-March-01
Description: Breakpoint panels adds a button to the Panels In-Place Editor for each pane. When selected, it will display checkboxes next to all of the breakpoints specified in that module's UI. Unchecking any of these will hide it from that breakpoint. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by...
---------------------------------------------
https://www.drupal.org/node/2857073
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to missing authentication checks (CVE-2016-9729) ***
http://www.ibm.com/support/docview.wss?uid=swg21999545
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to SQL injection (CVE-2016-9728) ***
http://www.ibm.com/support/docview.wss?uid=swg21999543
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to cross site scripting (CVE-2016-9723, CVE-2017-1133) ***
http://www.ibm.com/support/docview.wss?uid=swg21999534
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to cross-site request forgery (CVE-2016-9730) ***
http://www.ibm.com/support/docview.wss?uid=swg21999549
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML Entity Injection (CVE-2016-9724) ***
http://www.ibm.com/support/docview.wss?uid=swg21999537
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to OS command injection (CVE-2016-9726, CVE-2016-9727) ***
http://www.ibm.com/support/docview.wss?uid=swg21999542
---------------------------------------------
*** IBM Security Bulletin: Malicious File Download vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) CVE-2016-9693 ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998655
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-7053, CVE-2016-7054, CVE-2016-7055) ***
http://www.ibm.com/support/docview.wss?uid=swg21998755
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ administration command could cause denial of service (CVE-2016-8971) ***
https://www-01.ibm.com/support/docview.wss?uid=swg21998663
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970) ***
http://www.ibm.com/support/docview.wss?uid=swg21999185
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Sterling Connect:Express for UNIX (CVE-2016-7055, CVE-2017-3731 and CVE-2017-3732) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999470
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark ***
http://www.ibm.com/support/docview.wss?uid=swg21999561
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999668
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection (CVE-2017-1124) ***
http://www.ibm.com/support/docview.wss?uid=swg21998053
---------------------------------------------
*** IBM Security Bulletin: Mozilla NSS as used in IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2016-2834) ***
http://www.ibm.com/support/docview.wss?uid=swg21999532
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a denial of service (CVE-2016-9740) ***
http://www.ibm.com/support/docview.wss?uid=swg21999556
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to information exposure (CVE-2016-9720) ***
http://www.ibm.com/support/docview.wss?uid=swg21999533
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to overly permissive CORS access policies (CVE-2016-9725) ***
http://www.ibm.com/support/docview.wss?uid=swg21999539
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 28-02-2017 18:00 − Wednesday 01-03-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Dridex Becomes First Malware Family to Integrate AtomBombing Technique ***
---------------------------------------------
Bad news from malware-land after security researchers from IBM reported today they'd discovered the first samples of version 4.0 of the infamous and highly-active Dridex banking trojan. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware…
*** Android: Password managers with security flaws ***
---------------------------------------------
Password managers hold a variety of credentials on smartphones. That is convenient, but the data is not always stored securely, as Fraunhofer SIT found out. Some of the apps examined showed serious deficiencies.
---------------------------------------------
https://heise.de/-3640040
*** Botnets ***
---------------------------------------------
Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down. But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the "Internet of...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/03/botnets.html
*** BSI lays the groundwork for audits under the IT Security Act ***
---------------------------------------------
Operators of critical infrastructure will in future have to undergo regular audits and demonstrate that they have implemented security measures in line with the state of the art. The first training courses for auditors make clear what this means in concrete terms.
---------------------------------------------
https://heise.de/-3632463
*** We will all bleed to death on the cloud .. or something like that ***
---------------------------------------------
http://www.cert.at/services/blog/20170301112306-1918.html
*** [2017-03-01] XXE and XSS vulnerabilities in Aruba AirWave ***
---------------------------------------------
The authenticated XXE and reflected XSS vulnerabilities were found in Aruba AirWave versions prior to 8.2.3.1. The XXE flaw can be exploited by either a low-privileged user or a social engineering attack which could allow an attacker to read sensitive files on the system.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2017…
*** DFN-CERT-2017-0362: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0362/
*** SSA-934525 (Last Update 2017-03-01): Vulnerability in SINUMERIK Integrate ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525…
*** SSA-701708 (Last Update 2017-03-01): Local Privilege Escalation in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708…
*** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise (SSFE) 3.2 ***
---------------------------------------------
Trend Micro has released a new build for Trend Micro SafeSync for Enterprise (SSFE) 3.2. This fix resolves multiple vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
---------------------------------------------
https://success.trendmicro.com/solution/1116749
*** Cisco Prime Infrastructure Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. There are no workarounds that address this vulnerability.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
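The advisory describes the classic reflected-XSS shape: a value taken from the URL is written back into the page without encoding, so a crafted link the victim clicks runs script in their session on the management interface. The following added example (not Cisco's code; the parameter name `q`, the host `mgmt.example.invalid` and the page template are assumptions) shows the unsafe reflection next to the encoded version and a small check that tells the two apart.

```python
"""Reflected XSS: vulnerable vs. hardened rendering of a user-supplied value.

Added example, not code from the Cisco advisory. The parameter name ``q``,
the host name and the HTML template are assumptions for illustration.
"""
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample link of the kind an attacker would get a victim to click.
SAMPLE_LINK = (
    "https://mgmt.example.invalid/search"
    "?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)


def extract_param(url: str, name: str) -> str:
    """Return the first value of query parameter ``name`` (empty if absent)."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(q: str) -> str:
    """Reflects the value unencoded: the browser runs attacker-controlled script."""
    return f"<p>Results for: {q}</p>"


def render_hardened(q: str) -> str:
    """HTML-entity-encode the value before placing it in the element body.

    quote=True also encodes ' and ", so the same call is safe inside a
    double- or single-quoted attribute value.
    """
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def contains_script_tag(page: str) -> bool:
    """Crude indicator used by the demonstration: does a raw <script tag appear?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    value = extract_param(SAMPLE_LINK, "q")
    print("vulnerable:", render_vulnerable(value))
    print("hardened:  ", render_hardened(value))
```

Output encoding has to match the context the value lands in (element body, attribute, URL, JavaScript string); `html.escape` covers the first two. A Content-Security-Policy without `'unsafe-inline'` is a second layer, not a replacement for encoding.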
*** Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data...
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718) ***
---------------------------------------------
A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. CVE(s): CVE-2016-0718 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances, all firmware versions. IBM Security Access Manager for Web 8.0 appliances, all firmware versions. IBM Security Access Manager for Mobile 8.0 appliances, all...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998991
*** IBM Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940) ***
---------------------------------------------
Tivoli Storage Manager (IBM Spectrum Protect) SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. CVE(s): CVE-2016-8940 Affected product(s) and affected version(s): This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels: 7.1.0.0 through 7.1.7.0 6.3.0.0 through 6.3.6.0 6.2, 6.1, and 5.5 all levels (these releases...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21998946
*** Novell Patches ***
---------------------------------------------
*** iManager 3.0.2.1 ***
https://download.novell.com/Download?buildid=z_UnDt0kYyM~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 HotFix 2 ***
https://download.novell.com/Download?buildid=KcXKGUw7GSg~
---------------------------------------------
*** eDirectory 9.0.2 Hot Fix 2 ***
https://download.novell.com/Download?buildid=dRl85TKqwOE~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 9 ***
https://download.novell.com/Download?buildid=v_njeFs4biE~
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 27-02-2017 18:00 − Tuesday 28-02-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Mac AV software allowed injection of malicious code ***
---------------------------------------------
Insufficient protection of the licence check in Eset Endpoint Antivirus for macOS allowed an attacker to execute arbitrary code with root privileges. The vulnerability, rated critical, has since been fixed.
---------------------------------------------
https://heise.de/-3638786
*** MongoDB: Talking teddy bear shared all its data with the internet ***
---------------------------------------------
Toys from the CloudPets range record children's voices. If that is not creepy enough already, the openly accessible MongoDB database should be cause for outrage. 800,000 users with over 2 million voice samples are affected. (Toys, Data protection)
---------------------------------------------
https://www.golem.de/news/mongodb-sprechender-teddy-teilte-alle-daten-mit-d…
*** Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs ***
---------------------------------------------
A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-di…
*** Decrypting after a Findzip ransomware infection ***
---------------------------------------------
The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, that's not quite true.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip…
*** Guidelines on Incident Notification for Digital Service Providers ***
---------------------------------------------
ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/guidelines-on-incident-notifica…
*** DFN-CERT-2017-0355: TYPO3: Two vulnerabilities allow cross-site scripting attacks and the bypassing of security measures ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0355/
*** DFN-CERT-2017-0340: Red Hat Package Manager (RPM): Multiple vulnerabilities allow various denial-of-service attacks ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0340/
*** SAP BusinessObjects Financial Consolidation Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037910
*** VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users ***
---------------------------------------------
Vulnerability Note VU#742632
Sage XRT Treasury database fails to properly restrict access to authorized users
Original Release date: 28 Feb 2017 | Last revised: 28 Feb 2017
Overview: Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
Description: CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183
Sage XRT Treasury is a business finance...
---------------------------------------------
http://www.kb.cert.org/vuls/id/742632
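CWE-639 is the pattern where a record is selected by a key the client supplies (an account number, a row id) and the server checks only that the caller is logged in, not that the caller is entitled to that particular record. The note does not describe Sage's implementation; the following added example (not Sage's code; the in-memory account table, the `Session` type and the `Forbidden` exception are assumptions) shows the vulnerable lookup next to one that binds the lookup to the caller's identity, and how far plain id enumeration gets an ordinary user against each.

```python
"""CWE-639, Authorization Bypass Through User-Controlled Key:
vulnerable vs. fixed lookup of a record chosen by a client-supplied id.

Added example, not code from Sage XRT Treasury. The account table, the
Session type and the Forbidden exception are assumptions for illustration.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is authenticated but not authorised for the requested record."""


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "user" or "admin"


# Constructed sample data: accounts keyed by a predictable numeric id.
ACCOUNTS = {
    101: {"owner": "alice", "balance": 1200},
    102: {"owner": "bob", "balance": 98000},
}


def get_account_vulnerable(session: Session, account_id: int) -> dict:
    """Checks only that the caller is logged in; the id alone decides what
    comes back, so any authenticated user can read every account."""
    if session is None:
        raise PermissionError("login required")
    return ACCOUNTS[account_id]


def get_account_fixed(session: Session, account_id: int) -> dict:
    """Ties the lookup to the caller's identity: the id is a selector, the
    session is the authorisation. Admins are the only role allowed to cross
    ownership boundaries."""
    if session is None:
        raise PermissionError("login required")
    record = ACCOUNTS.get(account_id)
    if record is None or (record["owner"] != session.user and session.role != "admin"):
        # Same error for "not yours" and "does not exist": no id oracle.
        raise Forbidden("no such account")
    return record


def enumerate_readable(fetch, session: Session, id_range=range(100, 110)) -> list:
    """What simple id iteration yields: the ids for which fetch() succeeds."""
    found = []
    for aid in id_range:
        try:
            fetch(session, aid)
            found.append(aid)
        except (KeyError, Forbidden):
            continue
    return found


if __name__ == "__main__":
    alice = Session("alice", "user")
    print("vulnerable:", enumerate_readable(get_account_vulnerable, alice))
    print("fixed:     ", enumerate_readable(get_account_fixed, alice))
```

The fix is an ownership or role check at the data-access layer, not in the UI; hiding a record from a menu does nothing when the key is guessable and the backend call is reachable. The same applies to "privileged database functions" mentioned in the note: the privilege check belongs next to the function, keyed on the session, not on anything the client sends.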
*** DFN-CERT-2017-0356: ktnef: A vulnerability allows, among other things, the execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0356/
*** Bugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540180
*** VTS17-003: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance ***
---------------------------------------------
https://www.veritas.com/content/support/en_US/security/VTS17-003.html
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998379
---------------------------------------------
*** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) ***
http://www.ibm.com/support/docview.wss?uid=swg21998885
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993846&myns=swgtiv&mynp=…
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983083
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983082
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Performance Management products ***
http://www.ibm.com/support/docview.wss?uid=swg21993794
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller ***
http://www-01.ibm.com/support/docview.wss?uid=swg21977636
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21976531
---------------------------------------------
*** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999478
---------------------------------------------
*** IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999395
---------------------------------------------
*** IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050) ***
http://www.ibm.com/support/docview.wss?uid=swg21999474
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879) ***
http://www.ibm.com/support/docview.wss?uid=swg21997341
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) ***
http://www.ibm.com/support/docview.wss?uid=swg21997340
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999488
---------------------------------------------
*** IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999479
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 24-02-2017 18:00 − Monday 27-02-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Project Zero: Another unpatched Microsoft bug published ***
---------------------------------------------
Project Zero means business: for the third time within a few months there is a bug report without a patch from Microsoft. This time it is a type confusion bug in Internet Explorer and Edge.
---------------------------------------------
https://www.golem.de/news/project-zero-erneut-ungepatchter-microsoft-bug-ve…
*** DFN-CERT-2017-0348: Microsoft Internet Explorer, Microsoft Edge: A vulnerability allows the execution of arbitrary code ***
---------------------------------------------
A remote, unauthenticated attacker who can lure a user into visiting a maliciously crafted web page can exploit the vulnerability to cause a denial-of-service (DoS) condition or to execute arbitrary code. The vulnerability is being published by Google Project Zero because the period granted to the vendor to fix it (90 days) has expired. A security update is not yet available. A proof of concept for exploiting the vulnerability is also available.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0348/
*** Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th) ***
---------------------------------------------
The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in rare situations, a bug in Cloudflare's edge servers could be triggered, which would cause a buffer overrun to occur. When these buffer overruns occurred, random data would be returned in the replies from the Cloudflare servers. This data would be data from any of Cloudflare's customer...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22113&rss
*** Payments: Swift demands better cyber defences ***
---------------------------------------------
In the fight against cybercriminals, the Swift payment system is demanding greater efforts from its member banks.
---------------------------------------------
https://futurezone.at/b2b/zahlungsverkehr-swift-verlangt-bessere-cyberabweh…
*** DSA-3795 bind9 - security update ***
---------------------------------------------
It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3795
*** SHA1 Collision Attack Makes Its First Victim: Subversion Repositories ***
---------------------------------------------
It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-…
*** DSA-3796 apache2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in the Apache2 HTTP server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3796
*** More on Bluetooth Ingenico Overlay Skimmers ***
---------------------------------------------
This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. I'm revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.
---------------------------------------------
https://krebsonsecurity.com/2017/02/more-on-bluetooth-ingenico-overlay-skim…
*** Fake Oberbank message: account blocked! ***
---------------------------------------------
Customers receive what appears to be an e-mail from Oberbank. It claims that there has been unauthorised access to their account. [...] This is a phishing attempt!
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-oberbank-nachricht-k…
*** Cyber extortionists hold MySQL databases for ransom ***
---------------------------------------------
Ransomware has become cyber crooks' favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware. Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they've set MySQL databases in their sights. According to...
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/27/mysql-databases-ransom/
*** Security products and HTTPS: let's do it better ***
---------------------------------------------
A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/02/security-products-and-https-…
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: Slowloris denial-of-service attack vulnerability CVE-2007-6750 ***
https://support.f5.com:443/kb/en-us/solutions/public/12000/600/sol12636.htm…
---------------------------------------------
*** Security Advisory: Linux kernel vulnerability CVE-2016-9555 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54095660.html?…
---------------------------------------------
*** Security Advisory: Expat XML library vulnerability CVE-2015-2716 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50459349.html?…
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8688 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35263486.html?…
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8689 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52697522.html?…
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8687 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13074505.html?…
---------------------------------------------
*** Security Advisory: Linux kernel vulnerability CVE-2016-4998 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74171196.html?…
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2017-3732 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/44/sol44512851.html?…
---------------------------------------------
*** Security Advisory: F5 TLS vulnerability CVE-2016-9244 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05121675.html?…
---------------------------------------------
*** Security Advisory: PHPMailer vulnerability CVE-2016-10045 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73926196.html?…
---------------------------------------------
*** Security Advisory: BIG-IP REST vulnerability CVE-2016-6249 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12685114.html?…
---------------------------------------------
*** Security Advisory: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59836191.html?…
---------------------------------------------
*** Security Advisory: perl-XML-Twig vulnerability CVE-2016-9180 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08383757.html?…
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2017-3731 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37526132.html?…
---------------------------------------------
*** Security Advisory: BIND vulnerability CVE-2017-3135 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/80/sol80533167.html?…
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2015-8806 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04450715.html?…
---------------------------------------------
*** Security Advisory: GnuTLS vulnerability CVE-2017-5334 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31336596.html?…
---------------------------------------------
*** Security Advisory: iControl vulnerability CVE-2016-9256 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/47/sol47284724.html?…
---------------------------------------------
*** Security Advisory: TMM vulnerability CVE-2016-9245 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22216037.html?…
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 23-02-2017 18:00 − Friday 24-02-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Criminals send fake BAWAG P.S.K. SMS messages ***
---------------------------------------------
A fake BAWAG P.S.K. SMS claims that the bank has blocked the customer's account. To reactivate the account, recipients are told to open a website and enter their login details. Warning: this is a phishing attempt. The best response is to delete the SMS.
---------------------------------------------
https://www.watchlist-internet.at/phishing/kriminelle-versenden-gefaelschte…
*** World's Largest Spam Botnet Adds DDoS Feature ***
---------------------------------------------
Necurs, the world's largest spam botnet with nearly 5 million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-a…
*** Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities ***
---------------------------------------------
Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-…
*** Bleeding clouds: Cloudflare server errors blamed for leaked customer data ***
---------------------------------------------
While working on something completely unrelated, Google security researcher Tavis Ormandy recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens to credentials. Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said. The problem on Cloudflare's side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw
---------------------------------------------
http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflar…
*** Leaked Android Banking Trojan Spotted in Disguise on the Google Play Store ***
---------------------------------------------
Just as security experts have predicted, the source code of a potent Android banking trojan that was leaked online in mid-December 2016 is now being seen in live attacks on a regular basis. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/leaked-android-banking-troja…
*** LibreOffice Calc and Writer Embedded Object Preview Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037893
*** [Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe ***
---------------------------------------------
A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00004.html
*** [Xen-announce] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages ***
---------------------------------------------
A malicious or buggy guest may corrupt hypervisor state, commonly leading to a host crash (Denial of Service). Privilege escalation or information leaks cannot be excluded.
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00005.html
*** Novell: NetIQ Access Manager 4.3 Support Pack 1 4.3.1.0-53 ***
---------------------------------------------
The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.3 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, Analytics Server and Admin Console. CVE - 20145183
---------------------------------------------
https://download.novell.com/Download?buildid=30pOHdA3ETQ~
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time ***
https://www.ibm.com/support/docview.wss?uid=swg21997192
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition ***
https://www.ibm.com/support/docview.wss?uid=swg21997194
---------------------------------------------
*** IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998385
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999362
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645) ***
http://www.ibm.com/support/docview.wss?uid=swg21998196
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg21996871
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty ***
http://www.ibm.com/support/docview.wss?uid=swg21999209
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932) ***
http://www.ibm.com/support/docview.wss?uid=swg21998294
---------------------------------------------
*** IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463) ***
http://www.ibm.com/support/docview.wss?uid=swg21996869
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Algorithmics Algo One Algo Risk Application (ARA): stack trace may be thrown if no default error page was set up and an exception occurred ***
http://www.ibm.com/support/docview.wss?uid=swg21997638
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 22-02-2017 18:00 − Thursday 23-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Criminals Monetizing Attacks Against Unpatched WordPress Sites ***
---------------------------------------------
Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.
---------------------------------------------
http://threatpost.com/criminals-monetizing-attacks-against-unpatched-wordpr…
*** MSRT February 2017: Chuckenit detection completes MSRT solution for one malware suite ***
---------------------------------------------
In September 2016, we started adding to the Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group installs other malware or applications silently, without your consent.
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/02/22/msrt-february-2017-chuc…
*** Top 8 Reverse Engineering Tools for Cyber Security Professionals ***
---------------------------------------------
Whether it is rebuilding a car engine or diagramming a sentence, people can learn about many things simply by taking them apart and putting them back together again. This process of breaking something down to understand it, or building a copy to improve it, is known as reverse engineering.
---------------------------------------------
http://resources.infosecinstitute.com/top-8-reverse-engineering-tools-cyber…
*** Impact of New Linux Kernel DCCP Vulnerability Limited ***
---------------------------------------------
Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.
---------------------------------------------
http://threatpost.com/impact-of-new-linux-kernel-dccp-vulnerability-limited…
*** Java, Python FTP Injection Attacks Bypass Firewalls ***
---------------------------------------------
Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.
---------------------------------------------
http://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/12…
*** Collision attack: hash function SHA-1 broken ***
---------------------------------------------
Researchers from Google and the University of Amsterdam have succeeded in creating two different PDF files with the same SHA-1 hash. That SHA-1 is insecure has been known since 2005. (SHA-1, Google)
---------------------------------------------
https://www.golem.de/news/kollissionsangriff-hashfunktion-sha-1-gebrochen-1…
*** Putty 0.68 released ***
---------------------------------------------
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998) ***
http://www.ibm.com/support/docview.wss?uid=swg21998747
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998647
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997472
---------------------------------------------
*** IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995099
---------------------------------------------
*** IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH) ***
http://www.ibm.com/support/docview.wss?uid=swg21998714
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998797
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Tuesday 21-02-2017 18:00 − Wednesday 22-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Avast Releases a Decryptor for Offline Versions of the CryptoMix Ransomware ***
---------------------------------------------
Today, Avast released a decryptor for CryptoMix victims that were encrypted while in offline mode. Offline mode is when the ransomware runs and encrypts a victim's computer while there is no Internet connection or the computer cannot connect to the ransomware's Command & Control server. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/avast-releases-a-decryptor-f…
*** [R1] Nessus 6.10.2 Fixes One Vulnerability ***
---------------------------------------------
Nessus was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g. after a reboot). This issue only affects installations on Windows.
---------------------------------------------
http://www.tenable.com/security/tns-2017-06
*** Financial cyberthreats in 2016 ***
---------------------------------------------
In 2016 we continued our in-depth research into the financial cyberthreat landscape. We've noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations - such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.
---------------------------------------------
http://securelist.com/analysis/publications/77623/financial-cyberthreats-in…
*** Microsoft patches Flash Player on Windows out of band ***
---------------------------------------------
This month's Patch Tuesday was cancelled despite known security vulnerabilities in Windows. Now Microsoft is at least delivering patches for critical vulnerabilities in Flash Player.
---------------------------------------------
https://heise.de/-3632329
*** Security Advisory - Privilege Elevation Vulnerability Caused by Arbitrary File Upload in Huawei Themes ***
---------------------------------------------
The Huawei Themes APP in some Huawei products has a privilege elevation vulnerability due to the lack of theme pack check. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into installing the theme packets, resulting in the execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-11073)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2699.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170222-…
*** Website Uses "Add Extension to Leave" Popups to Infect Chrome Users ***
---------------------------------------------
A malvertising campaign has specifically targeted and redirected Chrome users to a website they couldn't leave unless they agreed to install a rogue Chrome extension.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/website-uses-add-extension-t…
*** Apple: Logic Pro X 10.3.1 ***
---------------------------------------------
Impact: Opening a maliciously crafted GarageBand project file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
---------------------------------------------
https://support.apple.com/en-us/HT207519
*** Sysinternals Updates ***
---------------------------------------------
Sysmon v6, Autoruns v13.7, AccessChk v6.1, Process Monitor v3.32, Process Explorer v16.2, LiveKd v5.61, and BgInfo v4.21
---------------------------------------------
https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v…
*** RSA Conference 2017 Playlist ***
---------------------------------------------
https://www.youtube.com/playlist?list=PLeUGLKUYzh_j1Q75yeae8upX-T1FLmZWf
*** Fake A1 invoice spreads malware ***
---------------------------------------------
Criminals are using a seemingly genuine A1 invoice to place malware on other people's computers. To achieve this, they ask recipients to download the supposed invoice from a fake A1 website. Anyone who opens the fake statement installs a Trojan. It encrypts files and renders them unusable.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-a1-rec…
*** Mobile devices and software updates ***
---------------------------------------------
Mobile devices increasingly shape everyday life in our modern society. Reading e-mail or online banking: everyday tasks are more and more often carried out on a mobile device, privately or at work. Until recently it was only smartphones, which replaced the mobile phone, or tablet computers, originally intended as a replacement for books; today they are joined by, for example, the watch, the glasses, the car and many more.
---------------------------------------------
https://www.dfn-cert.de/aktuell/mobile_devices_software_updates.html
*** SSA-363881 (Last Update 2017-02-22): Web Vulnerabilities in RUGGEDCOM NMS ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881…
*** SSA-623229 (Last Update 2017-02-22): DROWN Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-623229…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in zlib affect IBM ILOG CPLEX Optimization Studio ***
http://www.ibm.com/support/docview.wss?uid=swg21997946
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Brocade Network Advisor affect IBM PureApplication System ***
http://www.ibm.com/support/docview.wss?uid=swg21998725
---------------------------------------------
*** IBM Security Bulletin: Potential cross-site scripting in the Admin Console for WebSphere Application Server (CVE-2016-8934) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992315
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992651
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Monday 20-02-2017 18:00 − Tuesday 21-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Joomla Security - Pornography Spam Campaign in the Wild ***
---------------------------------------------
One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet, or even a porn dump. Those unwanted keywords are a result of Search Engine Poisoning (SEP) attacks. This blackhat SEO technique is used by attackers to take advantage of your rankings on Search Engine Result Pages (SERPs).
---------------------------------------------
https://blog.sucuri.net/2017/02/joomla-security-pornography-spam-campaign-i…
*** Hardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th) ***
---------------------------------------------
Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails. In short: it is possible to trick the application into connecting to an FTP server, but since mail servers tend to be forgiving enough, they will just accept e-mail if you use the FTP client to connect to port 25 on a mail server. The mail server will of course initially see the USER and PASS commands, but it will ignore them. Initially, I considered this a lesser issue.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22086&rss
*** New(ish) Mirai Spreader Poses New Risks ***
---------------------------------------------
A cross-platform win32-based Mirai spreader and botnet is in the wild and has been discussed publicly before. However, much information is confused together, as if an entirely new IoT bot is spreading to and from Windows devices. This is not the case. Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant. So let's make a level-headed assessment of what is really out there.
---------------------------------------------
https://securelist.com/blog/research/77621/newish-mirai-spreader-poses-new-…
*** Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation ***
---------------------------------------------
A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain ...
---------------------------------------------
https://support.citrix.com/article/CTX220329
*** DFN-CERT-2017-0317: Xen, QEMU: A vulnerability allows, among other things, the execution of arbitrary code ***
---------------------------------------------
A simply authenticated attacker in the adjacent network with elevated privileges (guest administrator) can access memory outside its bounds (out-of-bounds access) and thereby carry out a denial-of-service (DoS) attack or possibly execute arbitrary code. The vulnerability affects QEMU in all versions of Xen. Security updates are available.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0317/
*** Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks ***
---------------------------------------------
There are multiple issues and attack scenarios that Caballero discovered, but fortunately they only affect Internet Explorer 11, and not Edge or browsers from other vendors.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/unstoppable-javascript-attac…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ invalid requests cause denial of service to MQXR listener (CVE-2016-8986) ***
http://www.ibm.com/support/docview.wss?uid=swg21998648
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ Invalid channel protocol flows cause denial of service on HP-UX (CVE-2016-8915) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998649
---------------------------------------------
*** IBM Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999040
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-3092, CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998590
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ Java clients might send a password in clear text (CVE-2016-3052) ***
http://www.ibm.com/support/docview.wss?uid=swg21998660
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere MQ Channel data conversion denial of service (CVE-2016-3013) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998661
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 17-02-2017 18:00 − Monday 20-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Android for Work Security Containers Bypassed with Relative Ease ***
---------------------------------------------
Mobile security experts from Skycure have found two methods for bypassing the security containers put around "Android for Work," allowing attackers to access business data saved in this seemingly secure environment.
---------------------------------------------
https://www.bleepingcomputer.com/news/mobile/android-for-work-security-cont…
*** Users Continue to Install Malware on Their Phone 5 Years After Adobe Discontinued Flash for Android ***
---------------------------------------------
It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/users-continue-to-install-ma…
*** Google bellows bug news after Microsoft sails past fix deadline ***
---------------------------------------------
Mess in Windows graphics library can give bad hombres access to memory. Google's Project Zero has again revealed a Windows bug before Microsoft fixed it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/20/google_proj…
*** Mongoaudit Helps You Secure MongoDB Databases ***
---------------------------------------------
A new tool developed by engineers at Stampery can help database administrators audit the security features of their current MongoDB installations, and take precautionary measures to prevent future exploitation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongoaudit-helps-you-secure-…
*** BIOS/UEFI infected with ransomware ***
---------------------------------------------
Security researchers have shown that a computer's BIOS/UEFI can be infected with a ransomware Trojan despite an up-to-date Windows 10 and various enabled security mechanisms.
---------------------------------------------
https://heise.de/-3630662
*** Spam and phishing in 2016 ***
---------------------------------------------
2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-…
*** SAP Security for Beginners. Part 6: SAP Risks Fraud ***
---------------------------------------------
Welcome to the latest part of SAP Risks. After we finished with Espionage and Sabotage, let's eat the last piece of this "sweet cake" dubbed Fraud. In my opinion, fraud is the most common issue in ERP System and other business applications.
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-beginners-part-6-sap-ris…
*** DFN-CERT-2017-0302: Suricata: Multiple vulnerabilities allow various denial-of-service attacks ***
---------------------------------------------
Several unspecified vulnerabilities in Suricata allow a remote, unauthenticated attacker to carry out various denial-of-service (DoS) attacks due to memory leaks and out-of-bounds read access. The vendor has published information about the vulnerabilities and provides Suricata 3.2.1 to fix them.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0302/
*** tenable: [R1] SecurityCenter 5.4.3 File Upload unserialize() Function PHP Object Handling Remote File Deletion ***
---------------------------------------------
SecurityCenter was found to use the PHP unserialize() function in several places in such a way that may allow a remote authenticated attacker to upload a crafted PHP object, resulting in the deletion of arbitrary files.
---------------------------------------------
http://www.tenable.com/security/tns-2017-05
*** WordPress Security - Fake TrafficAnalytics Website Infection ***
---------------------------------------------
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. ... Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script.
---------------------------------------------
https://blog.sucuri.net/2017/02/fake-trafficanalytics-website-infection.html
*** Penetration Testing Tools Cheat Sheet ***
---------------------------------------------
Penetration testing tools cheat sheet: a quick reference providing a high-level overview of the typical commands you would run during a penetration testing engagement.
---------------------------------------------
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: DOM-based cross-site scripting vulnerability affects IBM Advanced Management Module (AMM) for BladeCenter Systems ***
http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50…
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2017-3731) ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 16-02-2017 18:00 − Friday 17-02-2017 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Divide Between Work, Personal Data on Android Breached ***
---------------------------------------------
Researchers demonstrate how malicious apps can break into secure Android work containers on EMM managed phones.
---------------------------------------------
http://threatpost.com/divide-between-work-personal-data-on-android-breached…
*** Don’t panic over cyber-terrorism: Daesh-bags still at script kiddie level ***
---------------------------------------------
Medieval terror bastards not great at hacking, says ex-top NSA lawyer. RSA USA: There’s no need to panic about the threat of a major online terrorist attack, since ISIS and their allies are all talk and no ..
---------------------------------------------
www.theregister.co.uk/2017/02/16/online_terrorism_isnt/
*** Mobile apps and stealing a connected car ***
---------------------------------------------
The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile ..
---------------------------------------------
http://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-…
*** DSA-3790 spice - security update ***
---------------------------------------------
https://www.debian.org/security/2017/dsa-3790
*** MQTT protocol: IoT communication of reactors and prisons, among others, publicly visible ***
---------------------------------------------
Over the MQTT telemetry protocol, an unmanageable number of IoT sensors in cars and airplanes, among other things, talk to their servers: unencrypted and without asking for any password. Hackers could not only read along but also manipulate data.
---------------------------------------------
https://heise.de/-3629650
*** Darknet drug ring in Braunau busted ***
---------------------------------------------
The tips about the drug trafficking came from the Frankfurt customs investigation office (Zollfahndung Frankfurt). The head of the gang is in custody.
---------------------------------------------
https://futurezone.at/digital-life/darknet-drogenring-in-braunau-aufgefloge…
*** My Friend Cayla: parents must destroy their children's dolls ***
---------------------------------------------
Smart toys are repeatedly criticized, above all by data protection advocates. In one case, the ..
---------------------------------------------
https://www.golem.de/news/my-friend-cayla-eltern-muessen-puppen-ihrer-kinde…
*** Gag order: Riseup revives the canary ***
---------------------------------------------
After Riseup failed to update its warrant canary last year, there was a lot of commotion in the scene. Now the collective announces: "We have handed over user data." In future, this should no longer be possible thanks to encryption.
---------------------------------------------
https://www.golem.de/news/gag-order-riseup-belebt-den-kanarienvogel-wieder-…
*** USB Killer now lets you fry most Lightning and USB-C devices for $55 ***
---------------------------------------------
Plus a new, stealthy "anonymous" stick, because that's what the world really needed.
---------------------------------------------
https://arstechnica.com/gadgets/2017/02/usb-killer-fry-lightning-usb-c-devi…
*** Planning for an InfoSec Conference ***
---------------------------------------------
I wasted many an early year going to InfoSec conferences and security events only to find them useless. Well, they weren't totally useless, I'd often come back with a bag full of goodies that more often than not included stress ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/planning-for-an-infose…
*** SMTP Strict Transport Security Coming Soon to Gmail, Other Webmail Providers ***
---------------------------------------------
SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference.
---------------------------------------------
http://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-o…
*** VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for ***
---------------------------------------------
APT reports are great for gaining an understanding of how advanced attack groups operate - however, they can also ..
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/02/vb2016-paper-apt-reports-and…