=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 13-04-2017 18:00 − Friday 14-04-2017 18:02
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** Zero Day Exploit: Magento online shops are at risk again ***
---------------------------------------------
Anyone using a Magento-based online shop solution should urgently check their settings. A vulnerability allows the installation to be compromised and puts customers at risk. The vendor is apparently working on a patch but is not communicating this properly.
---------------------------------------------
https://www.golem.de/news/zero-day-exploit-magento-onlineshops-sind-wieder-g...
*** Exploit Kit Activity Quiets, But Is Far From Silent ***
---------------------------------------------
Here are the exploit kits to watch for over the next three to six months.
---------------------------------------------
http://threatpost.com/exploit-kit-activity-quiets-but-is-far-from-silent/124...
*** Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits ***
---------------------------------------------
On Good Friday and ahead of the Easter holiday, the Shadow Brokers have dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and the SWIFT banking system. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-ba...
*** BSI defines minimum standard for secure web browsers ***
---------------------------------------------
The Federal Office for Information Security (BSI) has published minimum requirements for secure web browsers. In a table, the agency compares four current browsers; according to the comparison, one of them showed a serious limitation.
---------------------------------------------
https://heise.de/-3686044
*** Phishing with Unicode Domains ***
---------------------------------------------
If I told you this could be a phishing site, would you believe me? tl;dr: check out the proof-of-concept
---------------------------------------------
https://www.xudongz.com/blog/2017/idn-phishing/
*** Critical Patch Update - April 2017 - Pre-Release Announcement ***
---------------------------------------------
Critical Patch Update - April 2017 - Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
*** 2017-04 Security Bulletin: EX Series: Crafted IPv6 NDP packet causing a slow memory leak on EX Series Switches (CVE-2017-2315) ***
---------------------------------------------
A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service.
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10781
*** Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution ***
---------------------------------------------
A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user.
---------------------------------------------
https://support.citrix.com/article/CTX222657
*** cURL and libcurl vulnerability CVE-2016-8622 ***
---------------------------------------------
cURL and libcurl vulnerability CVE-2016-8622. Security Advisory. Security Advisory Description. ** RESERVED ** This candidate ...
---------------------------------------------
https://support.f5.com/csp/article/K23391972
*** VMSA-2017-0007 ***
---------------------------------------------
VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0007.html
*** Wecon Technologies LEVI Studio HMI Editor ***
---------------------------------------------
This advisory contains mitigation details for heap-based buffer overflow and stack-based buffer overflow vulnerabilities in the Wecon Technologies LEVI Studio HMI Editor.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-103-01
*** Schneider Electric Modicon M221 PLCs and SoMachine Basic ***
---------------------------------------------
This advisory contains mitigation details for use of hard-coded cryptographic key and protection mechanism failure vulnerabilities in Schneider Electric's Modicon M221 PLCs and SoMachine Basic.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-103-02
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160) ***
http://www.ibm.com/support/docview.wss?uid=swg22001574
---------------------------------------------
*** IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161) ***
http://www.ibm.com/support/docview.wss?uid=swg22000316
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services ***
http://www.ibm.com/support/docview.wss?uid=swg22001536
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1025085
---------------------------------------------
*** IBM Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998864
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight ***
http://www.ibm.com/support/docview.wss?uid=swg21999652
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 ***
http://www.ibm.com/support/docview.wss?uid=swg21999649
---------------------------------------------
*** IBM Security Bulletin: Unvalidated redirection URL vulnerability in IBM Marketing Platform (CVE-2016-0228) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001952
---------------------------------------------
Next End-of-Shift report: 2017-04-18