=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 24-11-2016 18:00 − Freitag 25-11-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Kriminelle bieten Mirai-Botnetz mit 400.000 IoT-Geräten zur Miete an ***
---------------------------------------------
Was macht das Mirai-Botnetz gerade? Die beiden Sicherheitsforscher mit den Pseudonymen 2sec4u und MalwareTech überwachen das Mirai-Botnetz und teilen aktuelle Aktivitäten via Twitter und eine Webseite. Aus der Live Map der Webseite geht hervor, dass bislang über die ganze Welt verteilt insgesamt mehr als 3 Millionen Geräte im Mirai-Botnetz gefangen waren. In den letzten 24 Stunden waren es knapp unter 100.000.
---------------------------------------------
https://www.heise.de/security/meldung/Kriminelle-bieten-Mirai-Botnetz-mit-4…
*** Gehackte Zugänge: Kriminelle versenden Malware mit Mailchimp-Accounts ***
---------------------------------------------
Kriminelle nutzen offenbar übernommene Mailchimp-Accounts, um Malware zu verbreiten. Das geschieht vor allem über Mails mit angeblichen Rechnungen. Alle 2.000 betroffenen Accounts wurden vorläufig stillgelegt.
---------------------------------------------
http://www.golem.de/news/gehackte-zugaenge-kriminelle-versenden-malware-mit…
*** Locky hidden in image file hitting Facebook, LinkedIn users ***
---------------------------------------------
Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks. Check Point researchers have apparently discovered how cyber crooks are embedding malware in graphic and image files, and how they are executing the malicious code within these images to infect social media users with Locky ransomware variants. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file.
---------------------------------------------
https://www.helpnetsecurity.com/2016/11/25/locky-image-file-facebook-linked…
*** The Week in Ransomware - November 25th 2016 - Locky, Decryptors, Cerber, Open Source Ransomware sucks, and More ***
---------------------------------------------
Lots of ransomware stories this week. We have two new decryptors, quite a few new ransomware infections, PadCrypt being hidden inside a fake credit card generator, and a few new variants. The biggest news is two new variants of the Locky ransomware that append the .zzzzz and .aesir extensions for encrypted files. [...]
---------------------------------------------
http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-novemb…
*** Free Software Quick Security Checklist, (Fri, Nov 25th) ***
---------------------------------------------
Free software (open source or not) is interesting for many reasons. It can be adapted to your own needs, it can be easily integrated within complex architectures but the most important remains, of course, the price. Even if they are many hidden costs related to free software. In case of issues, a lot of time may be spent in searching for a solution or diving into the source code (and everybody knows that time is money!). Today, more and more organisationsare not afraid anymore to deployfree...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21751&rss
*** DFN-CERT-2016-1945: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebiger SQL-Befehle ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1945/
*** Security Advisory - Buffer Overflow Vulnerability in Huawei Firewall Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161125-…
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running within a guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix XenServer 7.0. CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386
---------------------------------------------
https://support.citrix.com/article/CTX218775
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 23-11-2016 18:00 − Donnerstag 24-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Don't let this Black Friday/Cyber Monday spam deliver Locky ransomware to you ***
---------------------------------------------
We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we're seeing a spam campaign that Amazon customers need to be wary of.
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/11/23/dont-let-this-black-fri…
*** LXC CVE-2016-8649 Directory Traversal Vulnerability ***
---------------------------------------------
An attacker can exploit this issue using directory-traversal characters (../) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
---------------------------------------------
http://www.securityfocus.com/bid/94498/info
*** Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability ***
---------------------------------------------
Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy devices with Marshmallow 6.0 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94494/info
*** w3m Multiple Security Vulnerabilities ***
---------------------------------------------
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to w3m 0.5.3-33 are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94464/discuss
*** Research on unsecured Wi-Fi networks across the world ***
---------------------------------------------
We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us
---------------------------------------------
https://securelist.com/blog/research/76733/research-on-unsecured-wi-fi-netw…
*** DFN-CERT-2016-1942/">RealNetworks RealPlayer: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ***
---------------------------------------------
Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle im RealPlayer ausnutzen, mit Hilfe einer schädlichen präparierten QCP-Mediendatei, zu deren Wiedergabe er einen Benutzer verleitet, um einen Denial-of-Service (DoS)-Angriff durchzuführen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1942/
*** Windows-Update für Secure-Boot-Fehler macht BIOS-Updates erforderlich ***
---------------------------------------------
Mit dem Patch 3193479 beziehungsweise 3200970 für aktuelle Windows-(Server-)Versionen korrigiert Microsoft einen Bug in UEFI Secure Boot, doch einige Server starten danach nicht mehr.
---------------------------------------------
https://heise.de/-3503589
*** Diagnosing cyber threats for smart hospitals ***
---------------------------------------------
ENISA presents a study that sets the scene on information security for the adoption of IoT in Hospitals. The study which engaged information security officers from more than ten hospitals across the EU, depicts the smart hospital ICT ecosystem; and through a risk based approach focuses on relevant threats and vulnerabilities, analyses attack scenarios, and maps common good practices.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/diagnosing-cyber-threats-for-sm…
*** Security Advisory: PHP vulnerability CVE-2016-6288 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?…
*** Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016 ***
---------------------------------------------
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco…
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 22-11-2016 18:00 − Mittwoch 23-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** The November 2016 issue of our SWITCH Security Report is available! ***
---------------------------------------------
The topics covered in this report are:
* IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
* DDoS attack via IoT botnet shuts down parts of Internet
* Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price
---------------------------------------------
https://securityblog.switch.ch/2016/11/23/the-november-2016-issue-of-our-sw…
*** Securing Drupal with ModSecurity and the Core Rule Set (CRS3) ***
---------------------------------------------
Here is a guide aimed at the Drupal community to learn how to work with ModSecurity. OWASP ModSecurity Core Rule Set is a horrible name for a project, that's why we speak of CRS3. This is a security project and for those not familiar with the CRS, I will first give a brief intro first.
---------------------------------------------
https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-…
*** DomainTools 101: How to Spot Phishy Domains on Cyber Monday ***
---------------------------------------------
Just as the Grumeti River in Tanzania harbors dangerous crocodiles just below its surface, a Phishing email usually contains malicious domains waiting for you to click. I read a great article by Bleeping Computer about finding some Google domains that were spoofed using what is known as small caps. This piqued my curiosity ...
---------------------------------------------
https://blog.domaintools.com/2016/11/domaintools-101-how-to-spot-phishy-dom…
*** [DSA 3722-1] vim security update ***
---------------------------------------------
CVE ID : CVE-2016-1248 Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
---------------------------------------------
https://lists.debian.org/debian-security-announce/2016/msg00305.html
*** Mapping Attack Methodology to Controls, (Wed, Nov 23rd) ***
---------------------------------------------
Recently weve seen lots of malicious documents make it through our first protection layers. (https://www.virustotal.com/en/file/79ff976c5ca6025f3bb90ddfa7298286217c2130…) . In the last week, these emails have a word document that spawns a command shell that kicks off a PowerShell script. When working incidents, it is important to map out the attacker lifecycle to determine where to improve your defenses.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21749&rss
*** Telegram API ransomware wrecked three weeks after launch ***
---------------------------------------------
Crypto so bad that getting around it is shooting fish in a barrel Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/23/owned_teleg…
*** Vuln: TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/94481
*** Pentest-Report cURL 08.2016 [PDF] ***
---------------------------------------------
This report documents findings of a source code audit dedicated to assessing the cURL software. The assessment of the tool was performed by Cure53 as part of the Mozilla's Secure Open Source track program. The results of the project encompass twenty-three security-relevant discoveries.
---------------------------------------------
https://wiki.mozilla.org/images/a/aa/Curl-report.pdf
*** Acunetix 10.0 DLL Hijacking ***
---------------------------------------------
Topic: Acunetix 10.0 DLL Hijacking Risk: Medium Text:Title: Acunetix 10 Multi DLL Hajacking Application: Acunetix Versions Affected: 10.0 Vendor URL: http://www.acunetix.com Di...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110196
*** Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-16-308-02 Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 3, 2016, on the NCCIC/ICS-CERT web site. This advisory contains mitigation details for resource consumption vulnerabilities affecting Schneider Electric's Magelis human-machine interface products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02
*** Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1 ***
---------------------------------------------
Foxit has released Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1, which address potential security and stability issues
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php
*** Security Advisory: PHP vulnerability - CVE-2016-6288 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?…
*** Siemens ***
---------------------------------------------
*** Siemens SIMATIC CP 1543-1 Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01
---------------------------------------------
*** Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02
---------------------------------------------
*** Siemens Industrial Products Local Privilege Escalation Vulnerability (Update A) ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02
*** Huawei ***
---------------------------------------------
*** Security Advisory - Multiple Security Vulnerabilities in Huawei Smart Phone Products ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-…
---------------------------------------------
*** Security Advisory - Privilege Escalation Vulnerability in the FusionStorage ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-…
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in TP Driver of Huawei Smart Phone ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-…
---------------------------------------------
*** Security Advisory - Integer Overflow Vulnerability in Some Huawei Devices ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-…
---------------------------------------------
*** Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-…
*** VMware ***
---------------------------------------------
*** VMSA-2016-0022 ***
https://www.vmware.com/security/advisories/VMSA-2016-0022.html
---------------------------------------------
*** VMSA-2016-0021 ***
https://www.vmware.com/security/advisories/VMSA-2016-0021.html
---------------------------------------------
*** VMSA-2016-0018.3 ***
https://www.vmware.com/security/advisories/VMSA-2016-0018.html
*** Novell ***
---------------------------------------------
*** eDirectory 9.0.2 (non-root) for Linux ***
https://download.novell.com/Download?buildid=dgSdIXwk2Cc~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 8 for Linux ***
https://download.novell.com/Download?buildid=OFnb6Ew8wPM~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 8 for Windows ***
https://download.novell.com/Download?buildid=wPIC5t8Drqo~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 for Linux ***
https://download.novell.com/Download?buildid=zJBqj6SjCzg~
---------------------------------------------
*** iManager 3.0.2 for Linux ***
https://download.novell.com/Download?buildid=rIhWBDnLYU8~
---------------------------------------------
*** iManager 3.0.2 for Windows ***
https://download.novell.com/Download?buildid=iMupD_KbGcA~
---------------------------------------------
*** eDirectory 9.0.2 for Linux ***
https://download.novell.com/Download?buildid=TLXIiZ6uoho~
---------------------------------------------
*** eDirectory 9.0.2 for Windows ***
https://download.novell.com/Download?buildid=_N2FUsWAalg~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 (non-root) for Linux ***
https://download.novell.com/Download?buildid=Y9WDuLNbJxE~
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 9 for Windows ***
https://download.novell.com/Download?buildid=aDcgeiAEaYc~
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 21-11-2016 18:00 − Dienstag 22-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Windows 10 Cannot Protect Insecure Applications Like EMET Can ***
---------------------------------------------
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecur…
*** SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476…
*** Facebook Messenger: Malware via SVG ***
---------------------------------------------
Vorsicht bei Dateianhängen in Facebooks Chat: Gekaperte Accounts versenden Schadsoftware - neuerdings in Form einer SVG-Grafik.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-…
*** Moodle Vulns ***
---------------------------------------------
*** Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94456
---------------------------------------------
*** Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability ***
http://www.securityfocus.com/bid/94457
---------------------------------------------
*** Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94458
*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/
*** The Kings in Your Castle, Pt. #3 ***
---------------------------------------------
In the third episode of Marion Marschaleks and Raphael Vinots series of articles on modern APTs, they will shine some light on the prevalence of Zero-Day vulnerabilities. In reality, the use of Zero-Days is far less common than expected. In fact, APT groups in some cases exploit vulnerabilities which are a couple of years old. On the side of the analysts, they will explain that identical hashes are by no means a reliable indicator for dealing with identical files.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3
*** TYPO3 ***
---------------------------------------------
*** Path Traversal in TYPO3 Core ***
https://typo3.org/news/article/path-traversal-in-typo3-core/
---------------------------------------------
*** Insecure Unserialize in TYPO3 Backend ***
https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/
*** Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files ***
---------------------------------------------
Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/
*** Android-Trojaner GT!tr.spy soll vor allem deutsche Bank-Kunden ins Visier nehmen ***
---------------------------------------------
Fortinet ist nach eigenen Angaben auf einen aktuellen Android-Trojaner mit der Bezeichnung GT!tr.spy gestoßen, der es in erster Linie auf Kreditkarten- und Log-in-Daten von deutschen und österreichischen Bank-Kunden abgesehen hat. Davon sollen Kunden von nicht näher beschriebenen 15 deutschen und fünf österreichischen Banken bedroht sein ...
---------------------------------------------
https://heise.de/-3494472
*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/
*** FortiOS flow-mode detection bypass under certain conditions ***
---------------------------------------------
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process).This tends to impact long lived network sessions...
---------------------------------------------
http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-cer…
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-8610 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?…
---------------------------------------------
*** Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?…
---------------------------------------------
*** Security Advisory: ImageMagick vulnerability CVE-2015-8898 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991724
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993925
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993916
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990083
---------------------------------------------
*** IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989336
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993565
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993522
---------------------------------------------
*** IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775) ***
http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 18-11-2016 18:00 − Montag 21-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Vuln: Huawei Smart Phones Multiple Local Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/94404
*** Vuln: Multiple Lenovo ThinkPad Products CVE-2016-8222 Local Security Bypass Vulnerability ***
---------------------------------------------
Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
---------------------------------------------
http://www.securityfocus.com/bid/94409
*** Security Advisory: PHP vulnerability CVE-2016-6289 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52430518.html?…
*** SSA-672373 (Last Update 2016-11-18): Vulnerabilities in SIMATIC CP 1543-1 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373…
*** SSA-701708 (Last Update 2016-11-18): Local Privilege Escalation in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708…
*** SAP NetWeaver AS ABAP 7.4 Directory Traversal ***
---------------------------------------------
The code provides access to the file specified after the READ DATASET
statement. The variable transmitted to the input of the statement is
entered in it by user input. Thus, the user can access the files
stored on the operating system. This vulnerability is called a
Directory Traversal.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110168
*** Update wichtig: Sicherheitswarnung zu Symantec-Software ***
---------------------------------------------
Das BSI hat eine Sicherheitswarnung der Stufe 4 bezüglich der Symantec-Produkte Endpoint Security herausgegeben und empfiehlt ein sofortiges Update.
---------------------------------------------
https://heise.de/-3492125
*** Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware ***
---------------------------------------------
An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the targets phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/A1TnPdkseTU/second-chinese-…
*** Putty Cleartext Password Storage ***
---------------------------------------------
Putty.exe stores Passwords unencrypted for sessions that use a Proxy connection and specify a password to save.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110172
*** WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110174
*** Vuln: Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability ***
---------------------------------------------
Apache OpenOffice is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges.
Apache OpenOffice 4.1.2 and prior versions are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94418
*** DFN-CERT-2016-1916/">GStreamer-Plugin: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ***
---------------------------------------------
Ein entfernter, nicht authentifizierter Angreifer kann mit Hilfe einer speziell präparierten Mediendatei einen Pufferüberlauf auf dem Heap erzeugen, dadurch große Speicherbereiche kontrollieren und in der Folge beliebigen Programmcode ausführen.
Die Schwachstelle kann im Kombination mit anderen Sicherheitslücken und Design-Entscheidungen auf bestimmten Linux-Systemen einfach durch den Besuch einer speziell präparierten Webseite ausgenutzt werden. Es ist dabei keine Interaktion des Benutzers notwendig.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1916/
*** Bugtraq: [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) ***
---------------------------------------------
HPE has made the following firmware updates available to resolve the
vulnerability in iLO 3 and iLO 4:
For iLO3, please upgrade to firmware v1.88
For iLO4, please upgrade to firmware v2.44
---------------------------------------------
http://www.securityfocus.com/archive/1/539791
*** Oil and Gas Cybersecurity part 3: Midstream Security for Oil ***
---------------------------------------------
I hope you enjoyed the previous parts of Oil and Gas Cyber Security series (Upstream Cyber Security and Oil and Gas Cyber Security 101). Today we will talk about OT and ICS with a special focus on the Midstream sector of the petroleum industry.
---------------------------------------------
http://resources.infosecinstitute.com/oil-and-gas-cybersecurity-part-3-mids…
*** Nemucod Infections Spreading Locky Over Facebook ***
---------------------------------------------
Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.
---------------------------------------------
http://threatpost.com/nemucod-infections-spreading-locky-over-facebook/1220…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM Social Rendering Templates for Digital Data Connector (CVE-2016-8936) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993895
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a vulnerability discovered in XSTREAM (CVE-2016-3674) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992217
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and Switches (CVE-2016-0701, CVE-2015-3197) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009610
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and switches (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009608
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 17-11-2016 18:00 − Freitag 18-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Webseite aufgerufen, Linux gehackt ***
---------------------------------------------
Linux-Nutzer können sich durch das bloße Aufrufen einer Webseite Schadcode einfangen. Die Ursache ist eine Kombination eigentlich harmloser Ereignisse – und eine Zero-Day-Lücke. Betroffen ist vor allem Fedora Workstation.
---------------------------------------------
https://heise.de/-3489774
*** Google Removing SHA-1 Support in Chrome 56 ***
---------------------------------------------
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.
---------------------------------------------
http://threatpost.com/google-removing-sha-1-support-in-chrome-56/122041/
*** MacBook Pro 2016: Malware-Schutz teils ab Werk deaktiviert ***
---------------------------------------------
Apple hat offenbar verpasst, den macOS-Systemintegritätsschutz (System Integrity Protection) auf allen MacBook-Pro-Modellen mit Touch Bar zu aktivieren. SIP soll die Möglichkeiten von Schad-Software begrenzen.
---------------------------------------------
https://heise.de/-3491210
*** 8 million GitHub profiles scraped, data found leaking online ***
---------------------------------------------
Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. The backup of the database ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/11/18/8-million-github-profiles-scrape…
*** DSA-3718 drupal7 - security update ***
---------------------------------------------
Multiple vulnerabilities has been found in the Drupal content managementframework. For additional information, please refer to the upstream advisoryat https://www.drupal.org/SA-CORE-2016-005
---------------------------------------------
https://www.debian.org/security/2016/dsa-3718
*** Metadaten: Apple speichert Verbindungsdaten mehrere Monate in iCloud ***
---------------------------------------------
Apple bezeichnet sich gern als Datenschutzkonzern. Eine jetzt entdeckte Funktion zeigt aber, dass Apple Verbindungsdaten mehrere Monate im iCloud-Backup ablegt. Das dürfte nicht jedem gefallen.
---------------------------------------------
http://www.golem.de/news/metadaten-apple-speichert-verbindungsdaten-mehrere…
*** Top-Level-Domain .box macht Fritzbox-Routern Probleme ***
---------------------------------------------
Router ist im internen Netz über den Domainnamen fritz.box erreichbar
---------------------------------------------
http://derstandard.at/2000047782737
*** iPhone: Lockscreen-Lücke erlaubt Zugriff auf Kontakte und Fotos ***
---------------------------------------------
Angriffsmethode soll auch bei den neuesten Versionen von iOS funktionieren
---------------------------------------------
http://derstandard.at/2000047783306
*** Google Project Brillo: IoT-Android wird sicherer als Smartphone-Android ***
---------------------------------------------
Google krempelt die Zusammenarbeit mit Herstellern für sein Internet-of-Things-System Brillo im Vergleich zu Android völlig um. So gibt es nur einen Linux-Kernel, der ..
---------------------------------------------
http://www.golem.de/news/google-project-brillo-iot-android-wird-sicherer-al…
*** The Rampage of Locky ***
---------------------------------------------
Locky has been a constant in the malware zoo for a considerable time. And while we are aware that there are still victims being hit by the variant sporting the .ODIN extension, ..
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29310-the-rampage-of-locky
*** Filesharing: Hacker erbeuten Sourcecoude von Mega.nz ***
---------------------------------------------
Mehrere Gbyte an Quellcode und einige Admin-Zugänge wurden bei Kim Dotcoms Dienst Mega.nz kopiert. Nach Angaben des Unternehmens sind keine Nutzerdaten betroffen, die veröffentlichten Zugänge seien zudem veraltet.
---------------------------------------------
http://www.golem.de/news/filesharing-hacker-erbeuten-sourcecoude-von-mega-n…
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 16-11-2016 18:00 − Donnerstag 17-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** VMSA-2016-0020 ***
---------------------------------------------
vRealize Operations update addresses REST API deserialization vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0020.html
*** VMSA-2016-0016.1 ***
---------------------------------------------
vRealize Operations (vROps) updates address privilege escalation vulnerability
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0016.html
*** Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2016-005
*** VMSA-2016-0018.1 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in Linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-00201.html
*** VMSA-2016-0018.1 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in Linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0018.html
*** Antivirus tools are a useless box-ticking exercise says Google security chap ***
---------------------------------------------
Advocates whitelists and other tools that genuinely help security Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort ..
---------------------------------------------
www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_ju…
*** DSA-3716 firefox-esr - security update ***
---------------------------------------------
Multiple security issues have been found in the Mozilla Firefox webbrowser: Multiple memory safety errors, buffer overflows and otherimplementation errors may ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3716
*** Tails 2.7 is out ***
---------------------------------------------
https://tails.boum.org/news/version_2.7/
*** Malware Hunters Catch New Android Spyware For Governments In The Wild ***
---------------------------------------------
A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team.
---------------------------------------------
https://motherboard.vice.com/read/malware-hunters-catch-new-android-spyware…
*** Internet of Things: US-Regierung veröffentlicht Security-Strategie ***
---------------------------------------------
Sechs Empfehlungen für ein weniger unsicheres Internet of Things hat die US-Regierung ausgearbeitet. Das offizielle Dokument könnte Entwicklern und Sicherheitsabteilungen Rückenwind geben.
---------------------------------------------
https://heise.de/-3488886
*** Erpressungs-Trojaner Ransoc soll Social-Media-Accounts ausspionieren ***
---------------------------------------------
Sicherheitsforschern zufolge droht Ransoc damit, persönliche Daten zu veröffentlichen. Dafür soll er eine individuelle Erpresserbotschaft mit privaten Bildern und Informationen bauen.
---------------------------------------------
https://heise.de/-3488976
*** Call for Papers Domain pulse 2017 ***
---------------------------------------------
Das Generalthema des Domain pulse 2017 lautet „Netzwerken in Netzwerken“ – im weitesten Sinne des Begriffs. Wer oder was wird vernetzt? Wie wichtig ist Vernetzung? Wo findet sie statt? Wie kann sie bestmöglich gelingen? Und welche Probleme kann sie lösen?
---------------------------------------------
http://www.domainpulse.at/de/call-for-papers
*** Forensik-Tool-Hersteller: Apple speichert iPhone-Anrufprotokolle in iCloud – für viele Monate ***
---------------------------------------------
Apple synchronisiert die Anrufhistorie von iCloud-Nutzern automatisch ohne darauf explizit hinzuweisen. Die Software des Herstellers soll Strafverfolgungsbehörden ..
---------------------------------------------
https://heise.de/-3490866
*** Confessions of a Google Spammer ***
---------------------------------------------
Before I became an inbound marketer, I once made $50,000 a month spamming Google. I worked a maximum of 10 hours a week. And I am telling you from the bottom of my heart: never, never ever follow in my footsteps.
---------------------------------------------
https://readthink.com/confessions-of-a-google-spammer-4f2e0c3e9869
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 15-11-2016 18:00 − Mittwoch 16-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: n/a
*** Chinese company installed secret backdoor on hundreds of thousands of phones ***
---------------------------------------------
http://arstechnica.com/security/2016/11/chinese-company-installed-secret-ba…
*** Carbanak Attacks Shift to Hospitality Sector ***
---------------------------------------------
The Carbanak cybercrime gang has shifted strategy and targets the hospitality and restaurant industries with new techniques and malware.
---------------------------------------------
http://threatpost.com/carbanak-attacks-shift-to-hospitality-sector/121966/
*** Cloned Spam Sites in Subdirectories ***
---------------------------------------------
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using ..
---------------------------------------------
https://blog.sucuri.net/2016/11/cloned-spam-sites-in-subdirectories.html
*** Fake fax ushers in revival of a ransomware family ***
---------------------------------------------
“Criminal case against you” is a message that may understandably cause panic. That’s what a recent spam campaign hopes happens, increasing the likelihood of ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/11/15/fake-fax-ushers-in-revi…
*** Malspam distributing Troldesh ransomware ***
---------------------------------------------
Earlier this week on Monday 2016-11-14, I found an example of malicious spam (malspam) distributing Troldesh ransomware. Troldesh (also called ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21717
*** Lynxspring JENEsys BAS Bridge Vulnerabilities ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01
*** VMware-Produkte abgesichert: Angreifer können aus Gast-System ausbrechen ***
---------------------------------------------
In Fusion und Workstation klafft eine kritische Sicherheitslücke.
---------------------------------------------
https://heise.de/-3484180
*** Ermittlungen gegen Skidata im Betriebsspionage-Verfahren eingestellt ***
---------------------------------------------
Salzburger Firma soll Kundendaten auf IT-Server eines Konkurrenten ausgespäht haben – Laut Staatsanwaltschaft kein widerrechtlicher Datenzugriff
---------------------------------------------
http://derstandard.at/2000047640813
*** Datenschutz bei Mac-App: Shazam will nicht mehr dauerhaft mithören ***
---------------------------------------------
Ein Mikrofon, das dauerhaft angeschaltet ist, dürfte vielen Nutzern Unbehagen bereiten. Genau das tat Shazam auf dem Mac mindestens seit 2014. Jetzt will das ..
---------------------------------------------
http://www.golem.de/news/datenschutz-bei-mac-app-shazam-will-nicht-mehr-dau…
*** Sicherheitsupdates: Symantec-Software kann sich an DLL verschlucken ***
---------------------------------------------
Verschiedene Symantec-Produkte sind angreifbar. Im schlimmsten Fall können Angreifer Systeme kapern.
---------------------------------------------
https://heise.de/-3484233
*** Analysts apply Occams razor to Tesco Bank breach ***
---------------------------------------------
Unexpected items in the banking area Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach.
---------------------------------------------
www.theregister.co.uk/2016/11/16/tesco_bank_breach_competing_theories_analy…
*** Wickedly Clever USB Stick Installs a Backdoor on Locked PCs ***
---------------------------------------------
The proof-of-concept tool PoisonTap uses a series of subtle design flaws to steal a victims cookies and even hack their router or intranet.
---------------------------------------------
https://www.wired.com/2016/11/wickedly-clever-usb-stick-installs-backdoor-l…
*** IT-Sicherheit: Facebook kauft Passwörter im Darknet ***
---------------------------------------------
Die Doppelverwendung von Passwörtern bezeichnet der Sicherheitschef von Facebook als "größte Gefahr für ..
---------------------------------------------
http://www.golem.de/news/it-sicherheit-facebook-kauft-passwoerter-im-darkne…
*** Automobilzulieferer: Leoni schreibt nach 40-Millionen-Betrug Verluste ***
---------------------------------------------
Der Betrugsfall geht an Leoni nicht spurlos vorbei. Nachdem rund 40 Millionen Euro entwendet wurden, schreibt das Unternehmen im vergangenen Quartal Verluste. Die Ermittlungen gehen weiter.
---------------------------------------------
http://www.golem.de/news/automobilzulieferer-leoni-schreibt-nach-40-million…
*** Nach Adobe-Hack: Einigung auf eine Million US-Dollar Strafe ***
---------------------------------------------
Adobe hat sich mit insgesamt 15 US-Bundesstaaten auf eine Strafzahlung von zusammen einer Million US-Dollar geeinigt, weil das Unternehmen 2013 Millionen Nutzerdaten verloren hatte. Die hatten Angreifer bei einem Hack an sich gebracht.
---------------------------------------------
https://heise.de/-3485542
*** Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 14-11-2016 18:00 − Dienstag 15-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Vuln: Git for Windows CVE-2016-9274 Unspecified Untrusted Search Path vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94289
*** CVE-2016-4484: Cryptsetup Initrd root Shell ***
---------------------------------------------
An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not possible to decrypt it (AFAWK). But other partitions may be not encrypted, and so accessible.
---------------------------------------------
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.…
*** phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit ***
---------------------------------------------
The user parameter in the index.php file is vulnerable to a blind SQL time-based Injection attack. Proof of concept is exploit attached below
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110127
*** ImageMagick MagickCore/fx.c Heap Buffer Overflow Vulnerability ***
---------------------------------------------
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service condition.
---------------------------------------------
http://www.securityfocus.com/bid/94310/discuss
*** The Kings in Your Castle, Pt #2 ***
---------------------------------------------
The second part of Marion Marschaleks and Raphael Vinots article series deals with questions that surround the tools and the data used by analysts. They shine a light on some of the challenges facing analysts when it comes to Indicators of Compromise. While those are easily created and implemented, they can end up being outdated rather quickly. For an effective strategy, other metrics are required which are less easy to create.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29304-the-kings-in-your-castle-pt-2
*** Beliebte Chrome-Erweiterungen zur Werbeschleuder mutiert ***
---------------------------------------------
Einige beliebte Chrome-Erweiterungen werden offenbar zur Verbreitung dubioser Werbeanzeigen missbraucht. Wer eine davon installiert hat, sollte sie umgehend entfernen.
---------------------------------------------
https://heise.de/-3465981
*** Windows Mobile Application Penetration Testing Part 4: Intercepting HTTP/HTTPS Traffic on Windows Phones ***
---------------------------------------------
Introduction and Background: In the previous article of the series, we have discussed Sideloading concepts associated with Windows Phone 8.1 apps and UWP apps. In this article, we will discuss how to get your phones/emulators ready for intercepting HTTP/HTTPS traffic to proceed with further analysis of the application.
---------------------------------------------
http://resources.infosecinstitute.com/windows-mobile-application-penetratio…
*** Bypassing Mixed Content Warnings - Loading Insecure Content in Secure Pages ***
---------------------------------------------
There are no doubts that the web is moving forward to HTTPS (secure) content. Most important names have today their certificates ready and their websites are in effect, secure. But have you ever wandered: secure to what extent?
---------------------------------------------
https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/
*** Cisco IOS XE Software Directory Traversal Vulnerability ***
---------------------------------------------
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system.The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Single Sign-on: Eine Milliarde Accounts für Hijacking anfällig ***
---------------------------------------------
Single Sign-on ist praktisch, wird aber oft falsch implementiert. Sicherheitsforscher haben demonstriert, welche Fehler App-Entwickler dabei machen. Mehrere hundert Apps machten dabei Probleme.
---------------------------------------------
http://www.golem.de/news/single-sign-on-eine-milliarde-accounts-fuer-hijack…
*** DLL Loading Issue in Symantec Enterprise Products ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=se…
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-2180 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02652550.html?…
---------------------------------------------
*** Security Advisory: BIG-IP ASM vulnerability CVE-2016-7472 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?…
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65230547.html?…
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerability CVE-2016-6797 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36302720.html?…
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerability CVE-2016-0762 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36784855.html?…
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568) ***
http://www.ibm.com/support/docview.wss?uid=swg21993861
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5582) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993857
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024488
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Perl affects Power Hardware Management Console (‪‪CVE-2016-1238‬) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021704
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2016-8853) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024470
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in fontconfig (CVE-2016-5384) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024468
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in sqlite (CVE-2016-6153) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024467
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021652
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issue in IBM SONAS (CVE-2016-2119) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009570
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2016-2985 and CVE-2016-2984 ) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009323
---------------------------------------------
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-11-2016 18:00 − Montag 14-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** No payment necessary: Fighting back against ransomware ***
---------------------------------------------
Any IT professional who's ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/11/11/no-payment-necessary-fi…
*** New Guide on How to Fix Hacked Joomla! Sites ***
---------------------------------------------
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! events around the world, and our cofounder Dre Armeda is a keynote speaker at the upcoming Joomla! World Conference in Vancouver, Canada. Continue reading New
---------------------------------------------
https://blog.sucuri.net/2016/11/new-guide-fix-hacked-joomla-sites.html
*** Vuln: Docker Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Vulnerable: Docker 1.12, Docker 1.6.1, Docker 1.6, Docker 1.3.3, Docker 1.4.1, Docker 1.3.2, Docker 1.3.1, Docker 1.3.0, Docker 1.12.3, Docker 1.12.2, Docker 1.0.0
---------------------------------------------
http://www.securityfocus.com/bid/94272
*** Vuln: Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities ***
---------------------------------------------
Sophos Web Appliance is prone to a privilege-escalation vulnerability and remote code-execution vulnerabilities.
Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application.
Sophos Web Appliance 4.2.1.3 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/94274
*** OWASP ModSecurity Core Rule Set Version 3.0 Released ***
---------------------------------------------
Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DKhaxHVZD-s/owasp-modsecuri…
*** MikroTik RouterOS 6.36.2 Cross Site Scripting ***
---------------------------------------------
Topic: MikroTik RouterOS 6.36.2 Cross Site Scripting
Risk: Low
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110115
*** VMSA-2016-0019 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0019.html
*** Kaspersky Lab Black Friday Threat Overview 2016 ***
---------------------------------------------
Our research shows that, over the last few years, the holiday period which starts on so-called Black Friday was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.
---------------------------------------------
http://securelist.com/analysis/publications/76615/kaspersky-lab-black-frida…
*** [2016-11-14] Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 ***
---------------------------------------------
Attackers are able to control the SolarEagle V2.00 / MPPT Solar Controller SMART2 device as authentication is broken. Furthermore attackers can eavesdrop the unencrypted communication or denial service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/2016…
*** Adult Friend Finder: 412 Milionen Accounts von Datingseite gehackt ***
---------------------------------------------
Nach dem Ashley-Madison-Hack gibt es einen weiteren großen Einbruch in ein Datingnetzwerk. Angreifer veröffentlichten 412 Millionen Accountdaten des Webseitennetzwerkes rund um Adult Friend Finder.
---------------------------------------------
http://www.golem.de/news/adult-friend-finder-412-milionen-accounts-von-dati…
*** Vuln: Jenkins Java Deserialization Remote Code Execution Vulnerability ***
---------------------------------------------
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/94281
*** [TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions ***
---------------------------------------------
several vulnerabilities have been found in the following third party TYPO3 extensions:
- "Store Locator" (locator)
- "Code Highlighter" (mh_code_highlighter)
- "Shibboleth Authentication" (shibboleth_auth)
- "Secure Download Form" (rs_securedownload)
- "Member Infosheets" (if_membersheet)
- "TC Directmail" (tcdirectmail)
---------------------------------------------
http://lists.typo3.org/pipermail/typo3-announce/2016/000388.html
*** NIST Small Business Information Security guide for Small businesses ***
---------------------------------------------
The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses.
---------------------------------------------
http://securityaffairs.co/wordpress/53423/breaking-news/nist-small-business…
*** [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE ***
---------------------------------------------
Versions Affected: Apache OpenMeetings 3.1.0
Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack The issue was fixed in 3.1.2. All users are recommended to upgrade to Apache OpenMeetings 3.1.3
---------------------------------------------
http://www.securityfocus.com/archive/1/539751
*** Recordings from AppSecUSA 2016 in Washington, DC ***
---------------------------------------------
https://www.youtube.com/playlist?list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
*** E-Mail-Sicherheitslücke in LTE-Router von Drei ***
---------------------------------------------
Jeder Nutzer, der sich mit einem Drei-Smartphone bei einem Drei-LTE-Router anmeldet, hat Zugriff auf die E-Mails des Router-Besitzers.
---------------------------------------------
https://futurezone.at/produkte/e-mail-sicherheitsluecke-in-lte-router-von-d…
*** Updated Good Practice Guide on National Cyber Security Strategies by ENISA ***
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/updated-good-practice-guide-on-…
*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 ***
---------------------------------------------
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities.
...
Cisco investigated its product line to determine which products may be affected by these vulnerabilities and the impact of the vulnerabilities on each affected product. For information about whether a product is affected, refer to the “Vulnerable Products” and “Products Confirmed Not Vulnerable” sections of this advisory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-…
*** Master Decryption Keys and Decryptor for the Crysis Ransomware Released. ***
---------------------------------------------
The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them. [...]
---------------------------------------------
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-de…
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud ***
http://www.ibm.com/support/docview.wss?uid=swg21993982
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009586
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992898
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009585
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993612
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability has been fixed in IBM Security Privileged Identity Manager (CVE-2016-5964) ***
http://www.ibm.com/support/docview.wss?uid=swg21994065
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009590
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Portal (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989359
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update ***
http://www.ibm.com/support/docview.wss?uid=swg21990864
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-0392) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009571
---------------------------------------------