[CERT-daily] Daily summary - Monday 28-12-2015

Daily end-of-shift report team at cert.at
Mon Dec 28 18:40:35 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 23-12-2015 18:00 − Monday 28-12-2015 18:00
Handler:     L. Aaron Kaplan
Co-Handler:  Stephan Richter




*** Malware-Driven Card Breach at Hyatt Hotels ***
---------------------------------------------
Hyatt Hotels Corporation said today it recently discovered malicious software designed to steal credit card data on computers that operate the payment processing systems for Hyatt-managed locations.
---------------------------------------------
http://krebsonsecurity.com/2015/12/malware-driven-card-breach-at-hyatt-hotels/




*** Using WPScan: Finding WordPress Vulnerabilities ***
---------------------------------------------
When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of...
---------------------------------------------
https://blog.sucuri.net/2015/12/using-wpscan-finding-wordpress-vulnerabilities.html




*** NSA and GCHQ have been using backdoors in Juniper firewalls for years ***
---------------------------------------------
Secret document from 2011 shows cooperation between the two intelligence agencies
---------------------------------------------
http://derstandard.at/2000028055853




*** Victims of the Gomasom Ransomware can now decrypt their files for free ***
---------------------------------------------
Fabian Wosar, security researcher at Emsisoft, created a tool for decrypting files locked by the Gomasom Ransomware. Ransomware is the most threatening cyber threat for end-users, but today I have good news for victims of the Gomasom ransomware: victims can rescue their locked files. The news was spread by the security researcher Fabian Wosar, who developed a...
---------------------------------------------
http://securityaffairs.co/wordpress/43074/malware/decrypt-gomasom-ransomware-files.html




*** Hackers demonstrate massive vulnerabilities in debit cards ***
---------------------------------------------
PIN read out in front of an audience, prepaid card topped up and payments redirected
---------------------------------------------
http://derstandard.at/2000028162750




*** 32C3: Hardware trojans as an underestimated threat ***
---------------------------------------------
Backdoors built permanently into IT devices and chips pose a "serious threat", security experts warned at the hacker conference. They can only be built in with great effort, but they are also hard to find.
---------------------------------------------
http://heise.de/-3056452




*** 32C3: Dieselgate and the ominous acoustic function ***
---------------------------------------------
Can the manipulation of emission values at Volkswagen really be the work of individual engineers? At the CCC Congress, an insider and a hacker rejected this legend.
---------------------------------------------
http://heise.de/-3056438




*** 32C3: Automatic train protection and networked railway technology in hackers' sights ***
---------------------------------------------
A hacker group that focuses on industrial facilities has identified various attack surfaces around networked train control systems. Outdated software and insecure passwords are said to be found "everywhere" there.
---------------------------------------------
http://heise.de/-3056484




*** DSA-3430 libxml2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3430




*** GIT git-remote-ext Helper URL Processing Lets Remote Users Execute Arbitrary Commands on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034501




*** F5 Security Advisory: Apache vulnerability CVE-2010-0434 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/40/sol40284849.html?ref=rss




*** EMC Secure Remote Services Virtual Edition Directory Traversal Flaw Lets Remote Authenticated Users View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034530




*** Cisco Jabber for Windows STARTTLS Downgrade Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab




*** Vuln: Dnsmasq CVE-2015-3294 Remote Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/74452




*** IDM 4.5 - 4.0.2 Midrange Driver Patch 4.0.2 ***
---------------------------------------------
Abstract: Identity Manager Midrange: IBM i (i5/OS and OS/400) driver patch for the Identity Manager versions 4.0.2 or higher. Driver version will show i5os Driver Version 4.0.2 IDM 4.0.2 Build Date 20151207_1437 IDM 4.5.x Build Date 201512071006 To see the version run I5OSDRV/I5OSDRV OPTION(*VERSION)
Document ID: 5230811
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: idm45-402midrangepatch2.tar.gz (96.31 MB)
Products: Identity Manager 4.0.2, Identity Manager...
---------------------------------------------
https://download.novell.com/Download?buildid=HsE3grsz-TU~




*** DFN-CERT-2015-1999: libvirt: A vulnerability allows the manipulation of files ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1999/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021040
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2015-7410) ***
http://www.ibm.com/support/docview.wss?uid=swg21972676
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Linux-PAM affects PowerKVM (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022880
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in pam affect Power Management Console (CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021041
---------------------------------------------
*** IBM Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050) ***
http://www.ibm.com/support/docview.wss?uid=swg21972944
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM PureApplication System. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21973591
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Synergy (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931 and CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21973439
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Integration Designer and WebSphere Integration Developer (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21972087
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-4962, CVE-2015-4946) ***
http://www.ibm.com/support/docview.wss?uid=swg21973404
---------------------------------------------
*** IBM Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023038
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect AppScan Enterprise ***
http://www.ibm.com/support/docview.wss?uid=swg21972830
---------------------------------------------
*** IBM Security Bulletin: Clickjack vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-1928) ***
http://www.ibm.com/support/docview.wss?uid=swg21973200
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Manager Enterprise Edition (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973416
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the IBM Tivoli Storage Manager Client and IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275, ***
http://www.ibm.com/support/docview.wss?uid=swg21973383
---------------------------------------------
*** IBM Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489) ***
http://www.ibm.com/support/docview.wss?uid=swg21973502
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023034
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005474
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i. ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021047
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Monitoring clients (CVE-2015-2590 plus additional CVEs.) ***
http://www.ibm.com/support/docview.wss?uid=swg21964027
---------------------------------------------

