=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 03-05-2017 18:00 − Thursday 04-05-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Robert Waldner
*** Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability ***
---------------------------------------------
Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.
---------------------------------------------
http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-...
*** Intel ME vulnerability: First product list, no updates yet ***
---------------------------------------------
There is some new information about the vulnerability in the Management Engine (ME) reported by Intel on May 1, but no updates yet.
---------------------------------------------
https://heise.de/-3703356
*** WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit ***
---------------------------------------------
This advisory reveals details of exploitation of the PHPMailer vulnerability (CVE-2016-10033) in WordPress Core which (contrary to what was believed and announced by WordPress security team) was affected by the vulnerability.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017050014
*** Kazuar: Multiplatform Espionage Backdoor with API Access ***
---------------------------------------------
Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatfo...
*** A set of tutorials about code injection for Windows. ***
---------------------------------------------
Injectopi is a set of tutorials that I've decided to write down in order to learn about various injection techniques in the Windows environment.
---------------------------------------------
https://github.com/peperunas/injectopi
*** Master fingerprint: Researchers can unlock almost all smartphones ***
---------------------------------------------
Hit rate of 65 percent achieved with the help of machine learning - resolution of current scanners too low
---------------------------------------------
http://derstandard.at/2000056971421
*** Checker ATM Security: Vulnerability allows takeover of ATMs ***
---------------------------------------------
A vulnerability in a security solution for ATMs could be exploited by attackers to withdraw cash illegally. The vendor plays down the issue and has provided a patch.
---------------------------------------------
https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglicht...
*** DFN-CERT-2017-0775: LibTIFF: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
Multiple vulnerabilities in LibTIFF allow a remote, unauthenticated attacker to execute arbitrary code, carry out various denial-of-service (DoS) attacks, and obtain information by means of specially crafted image files.
Affected platforms:
- Debian Linux 8.7 Jessie
- Debian Linux 9.0 Stretch
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/
*** USB sticks: IBM ships installation media with malware ***
---------------------------------------------
From the USB stick onto the operating system: malware spreads on its own from IBM products. The USB sticks supplied with several Storwize devices are affected. IBM advises formatting the USB stick or destroying it outright.
---------------------------------------------
https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-mal...
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco IOS XR Software Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco TelePresence ICMP Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco CallManager Express Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002624
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001731
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998469
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications ***
http://www.ibm.com/support/docview.wss?uid=swg22002517
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002309
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002310
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002225
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996590
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177 CVE-2016-6304 CVE-2016-6305 CVE-2016-2182 CVE-2016-6306 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002870
---------------------------------------------