[CERT-daily] Tageszusammenfassung - Mittwoch 6-04-2016
Daily end-of-shift report
team at cert.at
Wed Apr 6 19:32:56 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 05-04-2016 18:00 − Mittwoch 06-04-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Security Advisory posted for Adobe Flash Player (APSA16-01) ***
---------------------------------------------
A Security Advisory (APSA16-01) has been published regarding a critical vulnerability (CVE-2016-1019) in Adobe Flash Player. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1330
*** Security: Ungepatchte Flash-Lücke wird aktiv ausgenutzt ***
---------------------------------------------
Es ist mal wieder Flash-Player-deinstallieren-Tag. Eine derzeit ungepatchte Sicherheitslücke wird aktiv ausgenutzt, immerhin existiert ein Workaround. Adobe will aber bald reagieren.
---------------------------------------------
http://www.golem.de/news/security-ungepatchte-flash-luecke-wird-aktiv-ausgenutzt-1604-120169-rss.html
*** Server software poses soft target for ransomware ***
---------------------------------------------
An alternate method for infecting computers with ransomware signals a shift in tactics by cybercriminals that could put businesses at greater risk, according to Symantec.A type of ransomware called Samsam has been infecting organizations but is not installed in the usual way."Samsam is another variant in a growing number of variants of ransomware, but what sets it apart from other ransomware is how it reaches its intended targets by way of unpatched server-side software," Symantec...
---------------------------------------------
http://www.cio.com/article/3052553/server-software-poses-soft-target-for-ransomware.html#tk.rss_security
*** SAP Security - Think Different ***
---------------------------------------------
Today we will discuss how SAP Security differs from traditional IT security. While in most cases security is security, no matter what we discuss, in SAP area there are some unique features. First of all, it is the question of responsibility. It's not a secret that SAP is owned and managed by business, which, to...
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-think-different/
*** Gpg4win 2.3.1 released ***
---------------------------------------------
New in Gpg4win Version 2.3.1 (2015-04-05)
- GpgOL now has an option dialog where S/MIME can be disabled.
- GpgOL now supports the 64 Bit version of Microsoft Outlook.
- ...
---------------------------------------------
https://lists.wald.intevation.org/pipermail/gpg4win-announce/2016-April/000068.html
*** Researchers release PoC exploit for broken IBM Java patch ***
---------------------------------------------
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors. On Monday, the company's CEO Adam Gowdiak has published on the Full Disclosure mailing list the technical details and PoC code for exploiting a security issue in IBM Java that has been poorly patched by the vendor. The flaw was discovered by Security Explorations researchers in early 2013. This is the 6th instance of a broken patch...
---------------------------------------------
https://www.helpnetsecurity.com/2016/04/06/broken-ibm-java-patch/
*** AdLoad: an advertisement bombarder ***
---------------------------------------------
The AdLoad PUP is an infection that presents its victims with a great variation of advertisements, fake alerts, dubious offers, and even other PUPs. It targets users by location and OS.Categories: PUPs Threat analysisTags: adloadadvertisementfake alertMalwarebytesPieter ArntzPUPscam(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/threat-analysis/2016/04/adload-an-advertisement-bombarder/
*** FBI Warns of Dramatic Increase in Business E-Mail Scams ***
---------------------------------------------
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or "B.E.C.", [...] Law enforcement globally has received complaints from victims in every U.S. state and in at least 79 countries. [...] This amounted to more than $2.3 billion in losses.
---------------------------------------------
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
*** Crypto ransomware targets called by name in spear-phishing blast ***
---------------------------------------------
Once the domain of espionage, personalized scams embraced by profit-driven scammers.
---------------------------------------------
http://arstechnica.com/security/2016/04/crypto-ransomware-targets-called-by-name-in-spear-phishing-blast/
*** CONIKS ***
---------------------------------------------
CONIKS is an new easy-to-use transparent key-management system: CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to...
---------------------------------------------
https://www.schneier.com/blog/archives/2016/04/coniks.html
*** DeepSec 2015 Videos (Youtube Playlist) ***
---------------------------------------------
DeepSec 2015 IN-DEPTH SECURITY CONFERENCE - 17th to 20th November 2015 The Imperial Riding School Vienna, Austria
---------------------------------------------
https://www.youtube.com/playlist?list=PLBA0WdWrcrCHpBtNgK-H64_S6-xBpzILR
*** ICS/SCADA Threat Intelligence Sharing Portal (March 31, 2016) ***
---------------------------------------------
The EastWest Institute and the US Department of Homeland Securitys ICS-CERT have launched a portal for operators of critical infrastructure around the world to share threat information...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/27/308
*** Von Moorhühnern, Autounfällen und veralteter Software ***
---------------------------------------------
Peter fährt mit seinem Auto für dessen tourliche Untersuchung auf Fahrtüchtigkeit - kurz, Pickerl - zu seiner vertrauten Autowerkstatt. Nach rund einer halben Stunde sagt ihm der Mechaniker, dass die Bremsleitungen seines Autos stark korrodiert seien und es nur noch eine Frage der Zeit wäre, bis diese platzen und es folglich zu einem Ausfall der Bremsen käme. Peter schluckt: "Na, da hab ich...
---------------------------------------------
http://www.cert.at/services/blog/20160406112228-1706.html
*** VLC Media Player Buffer Overflow in Processing WAV Files Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1035456
*** Security Advisory: Java vulnerabilities CVE-2016-4066 and CVE-2016-0483 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50118123.html?ref=rss
*** DSA-3542 mercurial - security update ***
---------------------------------------------
Several vulnerabilities have been discovered in Mercurial, a distributedversion control system. The Common Vulnerabilities and Exposures projectidentifies the following issues:
---------------------------------------------
https://www.debian.org/security/2016/dsa-3542
*** DFN-CERT-2016-0556: Red Hat JBoss Enterprise Application Platform: Zwei Schwachstellen ermöglichen einen Denial-of-Service-Angriff ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0556/
*** Pro-face GP-Pro EX HMI Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for hard-coded credentials in Pro-face's GP-Pro EX HMI software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-096-01
*** Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for vulnerabilities in Eaton Lighting Systems' EG2 Web Control application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03
*** Rockwell Automation Integrated Architecture Builder Access Violation Memory Error ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on February 25, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an access violation memory error in Rockwell Automation's Integrated Architecture Builder application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-056-01
*** Bugtraq: op5 v7.1.9 Remote Command Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537992
*** Bugtraq: CA20160405-01: Security Notice for CA API Gateway ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537991
*** [HTB23286]: SQL Injection in SocialEngine ***
---------------------------------------------
Product: SocialEngine v4.8.9Vulnerability Type: SQL Injection [CWE-89]Risk level: High Creater: WebligoAdvisory Publication: December 21, 2015 [without technical details]Public Disclosure: April 6, 2016 CVE Reference: Pending CVSSv2 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L] Vulnerability Details: High-Tech Bridge Security Research Lab discovered SQL-Injection vulnerability in a popular social networking software SocialEngine. The vulnerability can be exploited to gain
---------------------------------------------
https://www.htbridge.com/advisory/HTB23286
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Samba affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021200
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Privilege Escalation (CVE-2016-0342) ***
http://www.ibm.com/support/docview.wss?uid=swg21980252
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Request Forgery Vulnerability (CVE-2016-0346) ***
http://www.ibm.com/support/docview.wss?uid=swg21980237
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Information disclosure (CVE-2016-0345) ***
http://www.ibm.com/support/docview.wss?uid=swg21980233
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Information Disclosure (CVE-2016-0343) ***
http://www.ibm.com/support/docview.wss?uid=swg21980229
---------------------------------------------
*** IBM Unauthenticated access to information in IBM TRIRIGA Application Platform (CVE-2016-0312) ***
http://www.ibm.com/support/docview.wss?uid=swg21979762
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control and IBM Endpoint Manager for Remote Control (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21978415
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702) ***
http://www.ibm.com/support/docview.wss?uid=swg21978869
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4. ***
http://www.ibm.com/support/docview.wss?uid=swg21978941
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MQ Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21979829
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-0800, CVE-2016-0705 and CVE-2016-0797) ***
http://www.ibm.com/support/docview.wss?uid=swg21980451
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Netezza Host Management ***
http://www.ibm.com/support/docview.wss?uid=swg21979983
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Workload Scheduler (CVE-2016-0705, CVE-2016-0702, CVE-2016-0800, CVE-2016-0701) ***
http://www.ibm.com/support/docview.wss?uid=swg21979602
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment, Tivoli Provisioning Manager for Images ***
http://www.ibm.com/support/docview.wss?uid=swg21979311
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704) ***
http://www.ibm.com/support/docview.wss?uid=swg21978489
---------------------------------------------
More information about the Daily
mailing list