======================= = End-of-Shift report = =======================
Timeframe: Monday 31-10-2016 18:00 − Wednesday 02-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
*** New, more-powerful IoT botnet infects 3,500 devices in 5 days ***
---------------------------------------------
Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse.
---------------------------------------------
http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-not...
*** Docker user? Haven't patched Dirty COW yet? Got bad news for you ***
---------------------------------------------
Repeat after me, containerization isn't protection, it's a management feature. Here's another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/01/docker_user_...
*** Security patch for zero-day vulnerability in Windows in sight ***
---------------------------------------------
Exploitation of the vulnerability is said to work only in combination with an already-closed Flash vulnerability. Microsoft criticises Google for the early disclosure of the vulnerability.
---------------------------------------------
https://heise.de/-3454255
*** Millions of browsing profiles: data allegedly also comes from browser add-on WOT ***
---------------------------------------------
The detailed data on the browsing behaviour of millions of Germans, to which NDR reporters have access, apparently also comes from the popular browser extension WOT. The data collected with it can reportedly be easily attributed to specific persons.
---------------------------------------------
https://heise.de/-3453820
*** Performance framework: critical security vulnerabilities in Memcached closed ***
---------------------------------------------
Services such as Facebook, Youtube and Reddit were also affected by a security vulnerability in a popular performance framework. Attackers could have executed code on the target system. A patch and a workaround are available.
---------------------------------------------
http://www.golem.de/news/performance-framework-kritische-sicherheitsluecken-...
*** Data breach: When the iPhone knows the private number of the President of the National Council ***
---------------------------------------------
Apparently due to an error at AppleCare, the phone book entries of several iPhone users were transferred to other users, report "Stern" and the Austrian magazine "News".
---------------------------------------------
https://heise.de/-3454575
*** Belkin's WeMo Gear Can Hack Android Phones ***
---------------------------------------------
Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely.
---------------------------------------------
http://threatpost.com/belkins-wemo-gear-can-hack-android-phones/121730/
*** Security Advisory: OpenSSL vulnerability CVE-2016-2179 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23512141.html?r...
*** Security Advisory 2016-02: Security Update for OTRS ***
---------------------------------------------
November 01, 2016 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security@otrs.org
PGP Key: pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20] uid OTRS Security Team
GPG Fingerprint: E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
*** Palo Alto PAN-OS Insecure API Token Generation Lets Remote Users Access the Target Firewall API Interface ***
---------------------------------------------
http://www.securitytracker.com/id/1037153
*** Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037152
*** DFN-CERT-2016-1794: Django: Two vulnerabilities allow, among other things, the acquisition of user privileges ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1794/
*** USN-3118-1: Mailman vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-3118-1
1st November, 2016
mailman vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS
Summary: Several security issues were fixed in Mailman.
Software description: mailman - Powerful, web-based mailing list manager
Details: It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were
---------------------------------------------
http://www.ubuntu.com/usn/usn-3118-1/
*** CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure ***
---------------------------------------------
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c.
---------------------------------------------
https://kb.isc.org/article/AA-01434/0/CVE-2016-8864%3A-A-problem-handling-re...
*** Symantec IT Management Suite Multiple Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=sec...
*** Norton Mobile Security for Android Multiple Security Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=sec...
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992931
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-6072) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991893
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU Jul 2016 Includes Oracle Jul 2016 CPU (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992001
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2016-3485, CVE-2016-3511, CVE-2016-3598) ***
http://www.ibm.com/support/docview.wss?uid=swg21993191
---------------------------------------------
*** IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028) ***
http://www.ibm.com/support/docview.wss?uid=swg21991110
---------------------------------------------
*** IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025) ***
http://www.ibm.com/support/docview.wss?uid=swg21991107
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco TelePresence Endpoints Local Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco Prime Home Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------
*** Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...
---------------------------------------------