======================= = End-of-Shift report = =======================
Timeframe: Monday 21-11-2016 18:00 - Tuesday 22-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Windows 10 Cannot Protect Insecure Applications Like EMET Can ***
---------------------------------------------
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure...
*** SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476....
*** Facebook Messenger: Malware via SVG ***
---------------------------------------------
Beware of file attachments in Facebook's chat: hijacked accounts are sending out malware, most recently in the form of an SVG graphic.
---------------------------------------------
https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-3...
*** Moodle Vulns ***
---------------------------------------------
*** Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94456
---------------------------------------------
*** Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability ***
http://www.securityfocus.com/bid/94457
---------------------------------------------
*** Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94458
*** Exploit Code Released for NTP Vulnerability ***
---------------------------------------------
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
---------------------------------------------
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/
*** The Kings in Your Castle, Pt. #3 ***
---------------------------------------------
In the third episode of Marion Marschalek's and Raphael Vinot's series of articles on modern APTs, they will shine some light on the prevalence of Zero-Day vulnerabilities. In reality, the use of Zero-Days is far less common than expected. In fact, APT groups in some cases exploit vulnerabilities which are a couple of years old. On the side of the analysts, they will explain that identical hashes are by no means a reliable indicator for dealing with identical files.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3
*** TYPO3 ***
---------------------------------------------
*** Path Traversal in TYPO3 Core ***
https://typo3.org/news/article/path-traversal-in-typo3-core/
---------------------------------------------
*** Insecure Unserialize in TYPO3 Backend ***
https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/
*** Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files ***
---------------------------------------------
Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/
*** Android Trojan GT!tr.spy said to target mainly German bank customers ***
---------------------------------------------
Fortinet says it has come across a current Android Trojan named GT!tr.spy that primarily goes after the credit card and login data of German and Austrian bank customers. Customers of 15 German and five Austrian banks, which are not described in more detail, are said to be threatened ...
---------------------------------------------
https://heise.de/-3494472
*** FortiOS flow-mode detection bypass under certain conditions ***
---------------------------------------------
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process). This tends to impact long lived network sessions...
---------------------------------------------
http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-cert...
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-8610 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?r...
---------------------------------------------
*** Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?r...
---------------------------------------------
*** Security Advisory: ImageMagick vulnerability CVE-2015-8898 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?r...
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991724
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993925
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091) ***
http://www.ibm.com/support/docview.wss?uid=swg21993916
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607 and CVE-2014-9645) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990083
---------------------------------------------
*** IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989336
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993565
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993522
---------------------------------------------
*** IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775) ***
http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc
---------------------------------------------