======================= = End-of-Shift report = =======================
Timeframe: Thursday 15-09-2016 18:00 - Friday 16-09-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a
*** DSA-3668 mailman - security update *** --------------------------------------------- It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user's password. --------------------------------------------- https://www.debian.org/security/2016/dsa-3668
*** Yokogawa STARDOM Authentication Bypass Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an authentication bypass vulnerability in the Yokogawa STARDOM controller. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-259-01
*** ABB DataManagerPro Credential Management Vulnerability *** --------------------------------------------- This advisory contains mitigation details for a credential management vulnerability in ABB’s DataManagerPro application. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02
*** Trane Tracer SC Sensitive Information Exposure Vulnerability *** --------------------------------------------- This advisory contains mitigation details for an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-16-259-03
*** Attack Leverages Windows Safe Mode *** --------------------------------------------- Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network. --------------------------------------------- http://threatpost.com/attack-leverages-windows-safe-mode/120622/
*** Ransomware Getting More Targeted, Expensive *** --------------------------------------------- I shared a meal not long ago with a source who works at a financial services company. The subject of ransomware came up and he told me that a server in his .. --------------------------------------------- http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensiv...
*** DSA-3670 tomcat8 - security update *** --------------------------------------------- Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. --------------------------------------------- https://www.debian.org/security/2016/dsa-3670
*** DSA-3669 tomcat7 - security update *** --------------------------------------------- Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. --------------------------------------------- https://www.debian.org/security/2016/dsa-3669
*** Necurs – the Heavyweight Malware Spammer *** --------------------------------------------- Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its spamming activities. The botnet has been responsible for a massive .. --------------------------------------------- http://trustwave.com/Resources/SpiderLabs-Blog/Necurs-%e2%80%93-the-Heavywei...
*** Trend Micro Internet Security vulnerability where files may be excluded as scan targets *** --------------------------------------------- Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets. --------------------------------------------- http://jvn.jp/en/jp/JVN98126322/
*** Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting *** --------------------------------------------- Splunk Enterprise and Splunk Lite contain a cross-site scripting vulnerability. Note that this vulnerability is different from JVN#74244518. --------------------------------------------- http://jvn.jp/en/jp/JVN71462075/
*** Detecting dangerous content more effectively: Google expands website scanning *** --------------------------------------------- Webmasters can now have their sites scanned even more thoroughly for, among other things, malware references and dangerous downloads. --------------------------------------------- http://heise.de/-3325042
*** First security vulnerabilities discovered in crypto messenger Signal *** --------------------------------------------- A programming error in Signal allows file attachments to be manipulated. Through a second one, attackers could have injected malicious code remotely, had a third bug not prevented this attack. --------------------------------------------- http://heise.de/-3325242
*** Ransomware: Stampado encrypts files already encrypted by ransomware *** --------------------------------------------- A new ransomware trojan uses a particularly nasty tactic: it encrypts files that have already been encrypted by other ransomware. Fortunately, there is a remedy. --------------------------------------------- http://www.golem.de/news/erpressungstrojaner-stampado-verschluesselt-von-ran...