[CERT-daily] Tageszusammenfassung - Freitag 11-12-2015
Daily end-of-shift report
team at cert.at
Fri Dec 11 18:10:07 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-12-2015 18:00 − Freitag 11-12-2015 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
*** NIST will Feedback zur Absicherung von kritischer Infrastruktur ***
---------------------------------------------
Die US-Standardisierungsbehörde möchte ihr Richtlinienpapier zur IT-Sicherheit von Kraftwerken und Industrieanlagen verbessern und bittet um Mithilfe. Allerdings ist das NIST bei Sicherheitsexperten momentan nicht gerade unumstritten.
---------------------------------------------
http://heise.de/-3042666
*** New Spy Banker Trojan Telax abusing Google Cloud Servers ***
---------------------------------------------
Introduction Zscaler ThreatLabZ has been closely monitoring a new Spy Banker Trojan campaign that has been targeting Portuguese-speaking users in Brazil. The malware authors are leveraging Google Cloud Servers to host the initial Spy Banker Downloader Trojan, which is responsible for downloading and installing Spy Banker Trojan Telax.
---------------------------------------------
http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html
*** Open Automation Software OPC Systems NET DLL Hijacking Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for a DLL Hijacking vulnerability in Open Automation Software's OPC Systems.NET application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-02
*** XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-342-01 XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published December 8, 2015, on the NCCIC/ICS-CERT web site. This advisory provides mitigations details for a cross-site scripting vulnerability in XZERES's 442SR turbine generator operating system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
*** Everything old is new again - Blackhole exploit kit since November 2015, (Fri, Dec 11th) ***
---------------------------------------------
Last month, the Malwarebytes blog posted an article about Blackhole exploit kit (EK) resurfacing in active drive-by campaigns from compromised websites. At the time, I hadnt noticed this trend, because the Windows hosts I was using to generate EK traffic were a bit too up-to-date.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20477&rss
*** New SWITCH Security Report available - Invitation to take part in a Reader Survey ***
---------------------------------------------
A new issue of our monthly SWITCH Security Report has just been released.
---------------------------------------------
http://securityblog.switch.ch/2015/12/09/new-switch-security-report-available-invitation-to-take-part-in-a-reader-survey/
*** Zend Framework vulnerable to SQL injection ***
---------------------------------------------
Zend Framework contains an SQL injection vulnerability (CWE-89) due to the argument of the ORDER BY clause.
An attacker who can access the product may execute SQL commands.
---------------------------------------------
http://jvn.jp/en/jp/JVN71730320/
*** Totgesagte leben länger: Facebook und Cloudflare setzen weiter auf SHA-1 ***
---------------------------------------------
Mit SHA-1 signierte SSL/TLS-Zertifikate gelten schon lange als unsicher und es gibt seit einiger Zeit erste praktische Angriffe. Trotzdem wollen wichtige Dienstanbieter wie Facebook und Cloudflare auf unbestimmte Zeit an SHA-1 festhalten.
---------------------------------------------
http://heise.de/-3041665
*** Advantech EKI Vulnerabilities ***
---------------------------------------------
This advisory provides information regarding several vulnerabilities in Advantech's EKI devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Unified Email Interaction Manager and Cisco Unified Web Interaction Manager XSS Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-uim
---------------------------------------------
*** Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
---------------------------------------------
*** Cisco Emergency Responder Web Framework Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-cer
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images - OpenSSL vulnerabilities (CVE-2015-1791, CVE-2015-1792, CVE-2015-1788, CVE-2015-1789,CVE-2015-1790) ***
http://www.ibm.com/support/docview.wss?uid=swg21971248
---------------------------------------------
*** Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919) ***
http://www.ibm.com/support/docview.wss?uid=swg21970398
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972650
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21963120
---------------------------------------------
*** Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21971177
---------------------------------------------
*** Multiple vulnerabilities in OpenSSH, GNU C Library (glibc), and OpenSSL, including Logjam, affect Integrated Management Module II (IMM2) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099032
---------------------------------------------
*** Vulnerabilities in openssh affect Power Hardware Management Console (CVE-2015-5600) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021006
---------------------------------------------
*** A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819) ***
http://www.ibm.com/support/docview.wss?uid=swg21969664
---------------------------------------------
*** A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2014-8121) ***
http://www.ibm.com/support/docview.wss?uid=swg21967169
---------------------------------------------
*** Multiple vulnerability fixes for Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21972785
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect the IBM Installation Manager and IBM Packaging Utility (CVE-2015-2625 and CVE-2015-1931 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21972707
---------------------------------------------
*** Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000009
---------------------------------------------
*** Vulnerability in IBM Java Runtime affects IBM Content Classification CVE-2015-4844 ***
http://www.ibm.com/support/docview.wss?uid=swg21971760
---------------------------------------------
*** Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971814
---------------------------------------------
*** ´Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972565
---------------------------------------------
*** Multiple vulnerability in Product IBM Tivoli Common Reporting (CVE-2015-7436,CVE-2015-7435,CVE-2012-6153,CVE-2014-3577,CVE-2015-7450,CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972799
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Web Interface for Content Management (WEBi) (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972903
---------------------------------------------
*** Vulnerability in Apache Commons affects FileNet Collaboration Services/IBM FileNet Services for Lotus Quickr (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972902
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Integration Designer (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971371
---------------------------------------------
More information about the Daily
mailing list