=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-04-2017 18:00 − Thursday 06-04-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Researchers warn of danger from virus signatures ***
---------------------------------------------
Using the signatures employed by antivirus software, attackers could deliberately trigger false alarms. In the worst case, this can cost a victim their entire mail archive.
---------------------------------------------
https://heise.de/-3675819
*** Teenager Arrested in Austria for Spreading Philadelphia Ransomware ***
---------------------------------------------
Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/teenager-arrested-in-austria-...
*** Trust issues: Know the limits of SSL certificates ***
---------------------------------------------
Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation's Let's Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet. To read this article in full or to...
---------------------------------------------
http://www.cio.com/article/3187881/internet/trust-issues-know-the-limits-of-...
*** Cisco Access Points: Access via open default accounts ***
---------------------------------------------
Until Wednesday, attackers could use default credentials to gain access to Cisco WLAN access points of the Aironet series. A security update fixes this. Three more updates close entry points for DoS attacks on WLAN controllers.
---------------------------------------------
https://heise.de/-3677288
*** How you can recover encrypted files ***
---------------------------------------------
With an encryption trojan, criminals can render victims' files unusable. They demand money for undoing the damage. The website nomoreransom.org/de helps victims recover the files on their own, without having to pay money to the criminals.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/wie-sie-verschluesselte-date...
*** Moodle Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Remote Authenticated Users Obtain Usernames and Conduct SQL Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038174
*** Bugtraq: Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540375
*** SECURITY BULLETIN: Trend Micro Smart Protection Server (Standalone) 3.x Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
Trend Micro has released new Critical Patches (CP) for Trend Micro Smart Protection Server (Standalone) versions 3.0 and 3.1. These CPs resolve a vulnerability in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.
---------------------------------------------
https://success.trendmicro.com/solution/1117033
*** BlackBerry powered by Android Security Bulletin - April 2017 ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000039276
*** Certec EDV GmbH atvise scada ***
---------------------------------------------
This advisory contains mitigation details for cross-site scripting and header injection vulnerabilities in the Certec EDV GmbH atvise scada.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services session identifier vulnerability (CVE-2017-1152) ***
http://www.ibm.com/support/docview.wss?uid=swg22001551
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition, affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2016-5549) (CVE-2016-5548) (CVE-2016-5547) (CVE-2016-5546) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999271
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Mobile Connect (CVE-2017-3272,CVE-2017-5548,CVE-2017-3261,CVE-2017-3231,CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22000443
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/java_jan2017_advisory.asc
---------------------------------------------
*** Novell Patches ***
---------------------------------------------
*** eDirectory 8.8 SP8 Patch 10 ***
https://download.novell.com/Download?buildid=VYtYu65T21Y~
---------------------------------------------
*** iManager 3.0.3 ***
https://download.novell.com/Download?buildid=3jd0pzoyux0~
---------------------------------------------
*** iManager 2.7 Support Pack 7 - Patch 10 ***
https://download.novell.com/Download?buildid=5NqajLP7bSo~
---------------------------------------------
*** eDirectory 9.0.3 ***
https://download.novell.com/Download?buildid=D1U-cCj1YEs~
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Director Virtual Machine Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Unified Communications Manager SQL Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Registered Envelope Service Open Redirect Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco IOS XE Software Startup Script Local Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco IOS XR Software Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Integrated Management Controller Redirection Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Firepower Detection Engine SSL Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------