=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 23-03-2017 18:00 − Friday 24-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** TROOPERS 2017 Day #4 Wrap-Up ***
---------------------------------------------
I'm just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition.
---------------------------------------------
https://blog.rootshell.be/2017/03/23/troopers-2017-day-4-wrap/
*** Google slaps Symantec for sloppy certs, slow show of SNAFUs ***
---------------------------------------------
Certs will keep working, but Chrome will be suspicious, soon
Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/24/google_slaps...
*** Referrer spoofing with iframe injection ***
---------------------------------------------
Last year we've been playing with a very simple method to spoof the referrer on Edge, which allowed us of course to spoof the referrer and -as a bonus- other neat things like bypass the XSS filter. Today I found out that it was patched, so I decided to give it a try and find a way around the patch. Honestly I don't feel it's a bypass but clearly a variation. From a practical point of view, it works again and bypasses the patch...
---------------------------------------------
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
*** VMSA-2017-0004.6 ***
---------------------------------------------
VMware product updates resolve remote code execution vulnerability via Apache Struts 2
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0004.html
*** Fraud network: Foisting subscription traps on Kinox.to users ***
---------------------------------------------
A fraud campaign exploits security vulnerabilities in Android's stock browser to push subscription traps and premium services onto users. The fraudsters set up fake web shops in order to appear legitimate. (Subscription traps, Server)
---------------------------------------------
https://www.golem.de/news/betrugsnetzwerk-mit-fake-webshops-kinox-to-nutzern...
*** F5 Networks BIG-IP Protocol Security Module (PSM): A vulnerability allows a denial-of-service attack ***
---------------------------------------------
A remote, unauthenticated attacker can exploit a vulnerability in the Traffic Management Microkernel (TMM) on BIG-IP systems to carry out a denial-of-service (DoS) attack by sending crafted network traffic.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0524/
*** Extortion via iCloud remote wipe: How to protect your iPhone ***
---------------------------------------------
Unknown parties are threatening to wipe iPhones at random if Apple does not pay. The attackers are apparently in possession of iCloud credentials. Mac & i explains how to guard against such an attack.
---------------------------------------------
https://heise.de/-3663802
*** LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01
*** BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in the Becton, Dickinson and Company (BD) Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01
*** Vuln: libpcre Multiple Security Vulnerabilities ***
---------------------------------------------
libpcre is prone to the following multiple security vulnerabilities:
1. A denial-of-service vulnerability
2. Multiple stack-based buffer-overflow vulnerabilities
Attackers can exploit these issues to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
libpcre1 in PCRE 8.40 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/97067
*** F5 Networks BIG-IP Protocol Security Module (PSM): A vulnerability allows information disclosure ***
---------------------------------------------
A local attacker with simple authentication and elevated privileges can read sensitive data that has accumulated since the last reboot of affected devices. This includes, for example, the passwords of recently created user accounts.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0526/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021868
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021926
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000152
---------------------------------------------
*** IBM Security Bulletin: A cross-site scripting vulnerability has been addressed in IBM Kenexa LMS on Cloud 5.1 ***
http://www.ibm.com/support/docview.wss?uid=swg21999483
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 11.0 ***
http://www.ibm.com/support/docview.wss?uid=swg21998874
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-50...
---------------------------------------------