[CERT-daily] Tageszusammenfassung - Montag 8-08-2016

Mon Aug 8 18:31:00 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 05-08-2016 18:00 − Montag 08-08-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** F5 Security Advisory: glibc vulnerability CVE-2016-3706 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/06/sol06493172.html?ref=rss


*** Smoke Loader - downloader with a smokescreen still alive ***
---------------------------------------------
This time we will have a look at another payload from recent RIG EK campaign. It is Smoke Loader (also known as Dofoil), a bot created several years ago. One of its early versions was advertised on the black marker in 2011.Categories:  Malware Threat analysisTags: DofoildownloaderRIG EKsmoke loader(Read more...)
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/


*** Docker Unspecified Flaw Lets Remote Authenticated Users Deny Service on the Target Swarm Cluster ***
---------------------------------------------
http://www.securitytracker.com/id/1036548


*** Apple iOS Memory Corruption Error in IOMobileFrameBuffer Lets Applications Gain Elevated Privileges on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036546


*** FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080052


*** This PC monitor hack can manipulate pixels for malicious effect ***
---------------------------------------------
Don't believe everything you see. It turns out even your computer monitor can be hacked.On Friday, researchers at DEF CON presented a way to manipulate the tiny pixels found on a computer display.Ang Cui and Jatin Kataria of Red Balloon Security were curious how Dell monitors worked and ended up reverse-engineering one.They picked apart a Dell U2410 monitor and found that the display controller inside can be used to change and log the pixels across the screen.During their DEF CON...
---------------------------------------------
http://www.cio.com/article/3104974/this-pc-monitor-hack-can-manipulate-pixels-for-malicious-effect.html#tk.rss_security


*** Angriff auf Geldautomaten mit Fernsteuerung ***
---------------------------------------------
Ein Sicherheitsforscher hat auf der Blackhat-Konferenz demonstriert, wie sich trotz PIN-Absicherung Bargeld von fremden Konten ziehen lässt. Angeblich lässt sich dabei auch an modernen Geldautomaten die PIN abgreifen, ohne Spuren zu hinterlassen.
---------------------------------------------
http://heise.de/-3289469


*** Externe Festplatten mit Verschlüsselung knackbar ***
---------------------------------------------
Viele USB-Festplatten mit Vollverschlüsselung und PIN-Tastatur lassen sich vermutlich entschlüsseln, wenn man die Firmware des USB-SATA-Bridge-Chips austauscht.
---------------------------------------------
http://heise.de/-3289530


*** Video surveillance recorders RIDDLED with 0-days ***
---------------------------------------------
Kit from NUUO, Netgear has face-palm grade stoopid There are multiple Web interface vulnerabilities in a network video recorder under Netgears ReadyNAS brand and various devices by video recording company NUUO.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/08/07/nuuo_netgear_surveillance_recorders_riddled_with_0days/


*** Strider: Cyberespionage group turns eye of Sauron on targets ***
---------------------------------------------
Low-profile group uses Remsec malware to spy on targets in Russia, China, and Europe.      Twitter Card Style:  summary_large_image  A previously unknown group called Strider has been conducting cyberespionage-style attacks against selected targets in Russia, China, Sweden, and Belgium. The group uses an advanced piece of malware known as Remsec (Backdoor.Remsec) to conduct its attacks.read more
---------------------------------------------
http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets


*** Week in review: Black Hat USA 2016 coverage, QRLJacking, exposed SAP systems ***
---------------------------------------------
Here's an overview of some of last week's most interesting news and articles: Black Hat USA 2016 Want to learn the news from Black Hat USA 2016? Get is all from our dedicated coverage page. QRLJacking: A new attack vector for hijacking online accounts We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. 36000 SAP...
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/08/week-review-black-hat-usa-2016-coverage-qrljacking-exposed-sap-systems/


*** Bugtraq: vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539149


*** VMware product updates address multiple important security issues ***
---------------------------------------------
VMware product updates address a DLL hijacking issue in Windows-based VMware Tools and an HTTP Header injection issue in vCenter Server and ESXi. 
Relevant Products: VMware vCenter Server VMware vSphere Hypervisor (ESXi) VMware Workstation Pro VMware Workstation Player VMware Fusion VMware Tools
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0010.html


*** Remote Butler attack: APT groups' dream come true ***
---------------------------------------------
Microsoft security researchers have come up with an extension of the "Evil Maid" attack that allows attackers to bypass local Windows authentication to defeat full disk encryption: "Remote Butler". Demonstrated at Black Hat USA 2016 by researchers Tal Be'ery and Chaim Hoch, the Remote Butler attack has one crucial improvement over Evil Maid: it can be effected by attackers who do not have physical access to the target Windows computer that has, at one time,...
---------------------------------------------
https://www.helpnetsecurity.com/2016/08/08/remote-butler-attack/


*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time ***
---------------------------------------------
Java SE issues disclosed in the Oracle July 2016 Critical Patch Update CVE(s): CVE-2016-3598, CVE-2016-3511, CVE-2016-3485 Affected product(s) and affected version(s): These vulnerabilities affect IBM WebSphere Real Time Version 3 Service Refresh 9 Fix Pack 40 and earlier releases Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=swg21987762X-Force Database:...
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21987762


*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition ***
---------------------------------------------
Java SE issues disclosed in the Oracle July 2016 Critical Patch Update CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3511, CVE-2016-3550, CVE-2016-3485 Affected product(s) and affected version(s): These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 26 and earlier releases These vulnerabilities affect IBM SDK, Java Technology Edition, Version 6R1 Service...
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg21986642


*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-7548, CVE-2015-8749 CVE-2015-1850) ***
---------------------------------------------
IBM SmartClound Entry is vulnerable to several Openstack Nova vulerabilities, which could allow a local authenticated attacker or a remote attacker to obtain sensitive information CVE(s): CVE-2015-8749, CVE-2015-7548, CVE-2015-1850 Affected product(s) and affected version(s): IBM SmartCloud Entry 3.2 through Appliance fix pack 21 IBM SmartCloud Entry 3.1 through Appliance fix pack 21 Refer to the...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=isg3T1023865


*** VU#735416: UltraVNC repeater does not restrict IP addresses or ports by default ***
---------------------------------------------
Vulnerability Note VU#735416 UltraVNC repeater does not restrict IP addresses or ports by default Original Release date: 08 Aug 2016 | Last revised: 08 Aug 2016   Overview UltraVNC repeater versions prior to ultravnc_repeater_1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port.  Description CWE-16: Configuration - CVE-2016-5673UltraVNC repeater acts as a proxy to route remote desktop VNC...
---------------------------------------------
http://www.kb.cert.org/vuls/id/735416


*** Neuer auftretender Verschlüsselungs-Trojaner (Ransomware) machen Daten unwiederbringlich unbrauchbar ***
---------------------------------------------
[...] Die derzeit auftretenden Varianten der Ransomware benennen sich Vegclass at aol.com, Salazar-Slytherin10 at yahoo.com, usw., der eigentliche Schadcode dürfte dabei jedoch auf die aus Russland stammende Ransomware "Troldesh" zurück zu führen sein.
---------------------------------------------
http://www.bmi.gv.at/cms/bmi/_news/bmi.aspx?id=524B7A526E703148456D553D&page=0&view=1


*** Malware mit Barcodes und Excel in abgeschottete Netze einschleusen ***
---------------------------------------------
Ein Hacker bringt Malware auf einem Umweg in Netzwerke, bei denen weder USB noch optische Laufwerke oder Netzwerktransfers funktionieren. Er verwandelt die Software in 2D-Barcodes, die er dann mit Excel wieder in ausführbaren Code verwandelt.
---------------------------------------------
http://heise.de/-3290119


*** Qualcomm-powered Android devices plagued by four rooting flaws ***
---------------------------------------------
Hundreds of millions of Android devices based on Qualcomm chipsets are likely exposed to at least one of four critical vulnerabilities that allow non-privileged apps to take them over.The four flaws were presented by security researcher Adam Donenfeld from Check Point Software Technologies on Sunday at the DEF CON security conference in Las Vegas. They were reported to Qualcomm between February and April, and the chipset maker has since released fixes for the vulnerabilities after classifying...
---------------------------------------------
http://www.cio.com/article/3104896/qualcomm-powered-android-devices-plagued-by-four-rooting-flaws.html#tk.rss_security


*** Data Breach At Oracle's MICROS Point-of-Sale Division ***
---------------------------------------------
A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached more than 700 computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers appear to have compromised a customer support portal for companies using Oracles MICROS point-of-sale credit card payment systems.
---------------------------------------------
http://krebsonsecurity.com/?p=35752