[CERT-daily] Tageszusammenfassung - Donnerstag 25-08-2016

======================= = End-of-Shift report = =======================

Timeframe: Mittwoch 24-08-2016 18:00 − Donnerstag 25-08-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl

*** Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability *** --------------------------------------------- A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent .. --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Financial Transaction Manager for ACH Services, Check Services, Corporate Payment Services (CVE-2016-5920, CVE-2016-1181, CVE-2016-1182, CVE-2016-3060) *** --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21989060

*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Demo package on the Web Potential DLL Loading Code Execution Vulnerability (CVE-2016-5934 ) *** --------------------------------------------- IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988908

*** IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in OpenSSL *** --------------------------------------------- Vulnerabilities have been identified in OpenSSL. IBM Security Access Manager for Mobile uses OpenSSL and is affected by these vulnerabilities. CVE(s): CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, .. --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg21988189

*** Hacked Email: Why Cyber Criminals Want to Get Into Your Inbox *** --------------------------------------------- “I don’t care about getting hacked, there’s nothing valuable in my email” If I got a nickel .. --------------------------------------------- https://heimdalsecurity.com/blog/hacked-email-why-cyber-criminals-want-inbox...

*** Example of Targeted Attack Through a Proxy PAC File, (Wed, Aug 24th) *** --------------------------------------------- Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this: This message was sent to a .. --------------------------------------------- https://isc.sans.edu/diary.html?storyid=21405

*** Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0005 *** --------------------------------------------- http://www.securityfocus.com/archive/1/539295

*** [2016-08-25] Multiple vulnerabilities in Micro Focus (Novell) GroupWise *** --------------------------------------------- Micro Focus (Novell) GroupWise 2014 (up to R2 SP1) contains vulnerabilities that allow an attacker to take over user sessions by sending the victim a crafted email, take over administrator accounts or potentially compromise the system (heap based buffer overflow). --------------------------------------------- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160...

*** SWEET32: Kurze Verschlüsselungsblöcke sorgen für Kollisionen *** --------------------------------------------- Ein neuer Angriff auf TLS- und VPN-Verbindungen betrifft alte Verschlüsselungsalgorithmen wie Triple-DES und Blowfish, die Daten in 64-Bit-Blöcken verschlüsseln. Der Angriff erfordert das Belauschen vieler Gigabytes an Daten und dürfte damit nur selten praktikabel sein. --------------------------------------------- http://www.golem.de/news/sweet32-kurze-verschluesselungsbloecke-sorgen-fuer-...

*** Cisco liefert Sicherheits-Patches für NSA-Exploit ExtraBacon aus *** --------------------------------------------- Admins müssen Firewalls mit der Adaptive-Security-Appliance-Software (ASA) nun nicht mehr mittels eines Workarounds absichern: Cisco stopft die Schwachstelle mit abgesicherten Versionen. --------------------------------------------- http://heise.de/-3304688

*** Falsche Bank Austria-Mail: „Zahlungsbestätigung Monatsbeitrag“ *** --------------------------------------------- Internet-Nutzer/innen erhalten eine angebliche Benachrichtigung der Bank Austria. In dieser heißt es, dass der Newsletter und ein Gewinnspiel monatlich EUR 39,99- kosten. Den Gebrauch des Services sollen Kund/innen auf einer Website bestätigen. Empfänger/innen der E-Mail dürfen das nicht tun, denn andernfalls übermitteln sie Zugangsdaten an Kriminelle. --------------------------------------------- https://www.watchlist-internet.at/phishing/falsche-bank-austria-mail-zahlung...

*** Security Advisory - Resource Management Vulnerability in Huawei Servers *** --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-0...

*** Stolen devices to blame for many breaches in the financial services sector *** --------------------------------------------- Bitglass performed an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government mandated disclosures. They found that leaks nearly doubled between .. --------------------------------------------- https://www.helpnetsecurity.com/2016/08/25/breaches-financial-services-secto...

*** Falsche Verbund-Rechnung verbreitet Schadsoftware *** --------------------------------------------- Im E-Mailpostfach findet sich eine Rechnung des Stromanbieters Verbund. Kund/innen können die Zahlungaufforderung auf der Website „verbund-bill.com“ ansehen. Das dürfen Empfänger/innen nicht tun, denn andernfalls installieren sie Schadsoftware auf ihrem Computer. Diese macht den PC unbrauchbar. Kriminelle fordern Bitcoins, um das zu ändern. --------------------------------------------- https://www.watchlist-internet.at/gefaelschte-rechnungen/falsche-verbund-rec...

*** BMI warnt: Erst Taschendiebstahl von iPhone, dann Phishing *** --------------------------------------------- Es werden vermehrt iPhones in Österreich gestohlen. Mit einer Masche wird danach die Fernsperre außer Kraft gesetzt. --------------------------------------------- http://futurezone.at/digital-life/bmi-warnt-erst-taschendiebstahl-von-iphone...

*** How the Consumer Product Safety Commission is (Inadvertently) Behind the Internet’s Largest DDoS Attacks *** --------------------------------------------- The mission of the United States Governments Consumer Product Safety Commission (CPSC) is to protect consumers from injury by products. Its ironic then that the CPSC .. --------------------------------------------- https://blog.cloudflare.com/how-the-consumer-product-safety-commission-is-in...