=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 19-04-2017 18:00 − Thursday 20-04-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** DFN-CERT-2017-0683: GnuTLS: Multiple vulnerabilities allow, among other things, execution of arbitrary code with the privileges of the service ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASA Software DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Unified Communications Manager Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Prime Network Registrar DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco FindIT Network Probe Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Integrated Management Controller User Session Hijacking Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Integrated Management Controller Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco Integrated Management Controller Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco ASA Software SSL/TLS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-...
---------------------------------------------
*** Prepare for the General Data Protection Regulation already in 2017: Important questions ***
---------------------------------------------
The new General Data Protection Regulation will play an important role this year in decisions on security solutions in many industries. The amount of the possible fines ..
---------------------------------------------
https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-schon...
*** Drupal Core - Critical - Access Bypass - SA-CORE-2017-002 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-002
*** Organizations are not effectively dealing with open source security threats ***
---------------------------------------------
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/
*** DNS Query Length... Because Size Does Matter, (Thu, Apr 20th) ***
---------------------------------------------
In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22326
*** Malware: Malicious software at 1,200 Holiday Inn and Crowne Plaza hotels ***
---------------------------------------------
Anyone who was on a business trip or on vacation in the USA last year should check their credit card statements: payment terminals of numerous ..
---------------------------------------------
https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-cr...
*** Spyware Disguised as System Update Survived on Play Store for Almost Three Years ***
---------------------------------------------
An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-u...
*** [R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities ***
---------------------------------------------
On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately.
---------------------------------------------
https://www.tenable.com/security/tns-2017-07
*** Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) ***
---------------------------------------------
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities ..
---------------------------------------------
http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-ses...
*** Stealing sensitive browser data with the W3C Ambient Light Sensor API ***
---------------------------------------------
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your ..
---------------------------------------------
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-...
*** Combating a spate of Java malware with machine learning in real-time ***
---------------------------------------------
In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java...
*** Browser updates for Chrome and Firefox plug critical holes ***
---------------------------------------------
Both Google and Mozilla have fixed critical security vulnerabilities in their web browsers. Attackers can abuse these for drive-by attacks.
---------------------------------------------
https://heise.de/-3689571
*** Abusing NVIDIA's node.js to bypass application whitelisting ***
---------------------------------------------
Application whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a ..
---------------------------------------------
http://blog.sec-consult.com/2017/04/application-whitelisting-application.htm...
*** DNSSEC: ISC initiates key rollover for BIND9 ***
---------------------------------------------
The update is important for all BIND9 operators who use the software to validate signed DNS responses but have not set up automatic key updates.
---------------------------------------------
https://heise.de/-3689170