======================= = End-of-Shift report = =======================
Timeframe: Thursday 12-01-2017 18:00 - Friday 13-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Critical Patch Update - January 2017 - Pre-Release Announcement ***
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

*** EMET 5.52 update is now available ***
---------------------------------------------
EMET 5.52 is the latest version of the Enhanced Mitigation Experience Toolkit (EMET) and is now available for download. EMET 5.52 is a minor update from EMET 5.51 to address the following: an issue with the EAF mitigation that causes some applications to hang on Windows 7 SP1; a fix to the MSI installer to...
---------------------------------------------
https://blogs.technet.microsoft.com/srd/2017/01/12/emet-5-52-update-is-now-a...

*** Marlboro Ransomware Defeated in One Day ***
---------------------------------------------
A new ransomware family was snuffed in its crib today after security researchers tracked it down, analyzed its source code for weaknesses, and released a decrypter in less than 24 hours. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-...
*** Attacks on beroNet VoIP gateways, patch closes the security hole ***
---------------------------------------------
Attackers discovered a vulnerability in the VoIP gateways of the Berlin-based manufacturer beroNet and have recently been exploiting it to run up their victims' phone bills. A patch from the manufacturer closes the security hole.
---------------------------------------------
https://heise.de/-3594737
*** November-December 2016 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for November/December 2016 is a summary of ICS-CERT activities for the previous two months.
---------------------------------------------
https://ics-cert.us-cert.gov/monitors/ICS-MM201612
*** How banks protect themselves against cyberattacks ***
---------------------------------------------
Olaf Schwarz, Information Security Officer at the direct bank ING DiBa Austria, on cyberattacks against banks, ransomware and security training for employees.
---------------------------------------------
https://futurezone.at/digital-life/wie-sich-banken-vor-cyberangriffen-schuet...
*** Who's Attacking Me?, (Fri, Jan 13th) ***
---------------------------------------------
I started to play with a nice reconnaissance tool that could be helpful in many cases - offensive as well as defensive. IVRE [1] (DRUNK in French) is a tool developed by the CEA, the Alternative Energies and Atomic Energy Commission in France. It's a network reconnaissance framework that includes:
- passive recon features (via flow analysis coming from Bro or Nfdump)
- fingerprinting analysis
- active recon (via Nmap or Zmap)
- import tools (from Nmap or Masscan)
I deployed this tool and fed it with...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21933&rss
*** MongoDB Hijackers Move on to ElasticSearch Servers ***
---------------------------------------------
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongodb-hijackers-move-on-to-...
*** Key exchange: uproar over alleged WhatsApp backdoor ***
---------------------------------------------
Does WhatsApp have a backdoor? At least that is what a security researcher and the Guardian claim. In fact, there could also be a less spectacular explanation.
---------------------------------------------
http://www.golem.de/news/schluesselaustausch-aufregung-um-angebliche-whatsap...
*** Ploutus ATM Malware: Press F3 for Money ***
---------------------------------------------
Security researchers from FireEye have identified a new variant of the Ploutus ATM malware, used for the past few years to make ATMs spew out cash on command. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ploutus-atm-malware-press-f3-...

*** Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware ***
---------------------------------------------
Cybersecurity experts obsessively repeat two types of advice: use stronger passwords, and update your software. Today's security alert is all about the importance of applying software updates as soon as they're released. At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users. The campaign works by injecting malicious scripts into insecure...
---------------------------------------------
https://heimdalsecurity.com/blog/rig-exploit-kit-cerber-ransomware-outdated-...
*** DSA-3761 rabbitmq-server - security update ***
---------------------------------------------
It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT (MQ Telemetry Transport) connection authentication. This allowed anyone to log in to an existing user account without having to provide a password.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3761
*** Vuln: Splunk Enterprise CVE-2016-10126 Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95412

*** Vuln: Lenovo XClarity Administrator CVE-2016-8221 Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95417

*** HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information ***
---------------------------------------------
A security vulnerability in the DES/3DES block ciphers used in the TLS protocol, also known as the SWEET32 attack, could potentially impact HPE SiteScope, resulting in remote disclosure of information.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369403

*** Vuln: Zabbix CVE-2016-10134 SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95423

*** Security Advisory: BIND vulnerability CVE-2016-9147 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02138183.html?r...

*** Security Advisory: BIND vulnerability CVE-2016-9131 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/86/sol86272821.html?r...

*** Security Advisory: BIND vulnerability CVE-2016-9444 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40181790.html?r...

*** PowerDNS Security Fixes ***
---------------------------------------------
PowerDNS Recursor 4.0.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001051.htm...
---------------------------------------------
PowerDNS Recursor 3.7.4 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001052.htm...
---------------------------------------------
PowerDNS Authoritative Server 4.0.2 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001053.htm...
---------------------------------------------
PowerDNS Authoritative Server 3.4.11 released
https://mailman.powerdns.com/pipermail/pdns-announce/2017-January/001054.htm...
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology ***
https://www.ibm.com/support/docview.wss?uid=swg21997084
---------------------------------------------
*** IBM Security Bulletin: Unauthenticated User Could Gain Remote Access to TS3100/TS3200 (CVE-2016-9005) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009656
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Image Construction and Composition Tool (CVE-2016-5573, CVE-2016-5542, and CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21997055
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM PureApplication System ***
http://www.ibm.com/support/docview.wss?uid=swg21994499
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool ***
http://www.ibm.com/support/docview.wss?uid=swg21997063
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996950
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Advanced Management Module (AMM) for BladeCenter systems ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099527
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996968
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM Tivoli Monitoring (CVE-2015-1788) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997156
---------------------------------------------