[CERT-daily] Daily Summary - Tuesday 9-08-2016

Daily end-of-shift report team at cert.at
Tue Aug 9 18:22:54 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 08-08-2016 18:00 − Tuesday 09-08-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** "Cat-Loving" Mobile Ransomware Operates With Control Panel ***
---------------------------------------------
Recently the McAfee Labs Mobile Malware Research team found a sample of ransomware for Android with botnet capabilities and a web-based control panel service. The malware is running on compromised legitimate servers. The payload of this malware can encrypt a victim's files, steal SMS messages, and block access to the device. In this variant the...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/cat-loving-mobile-ransomware-operates-control-panel/




*** Researcher warns of flaws in Samsung Pay tokenization and mag stripe features ***
---------------------------------------------
A researcher claims to have found vulnerabilities in Samsung Pay's tokenization mechanism and its magnetic secure transmission (MST) technology that could allow hackers to steal users' tokens and make fraudulent purchases.
---------------------------------------------
http://www.scmagazine.com/researcher-warns-of-flaws-in-samsung-pay-tokenization-and-mag-stripe-features/article/514732/




*** Samsung Calls Reports of Samsung Pay Security Flaw "Inaccurate" ***
---------------------------------------------
Researcher finds a way to make fraudulent transactions via Samsung Pay, but Samsung denies any issues
---------------------------------------------
http://news.softpedia.com/news/samsung-calls-reports-of-samsung-pay-security-flaw-as-inaccurate-507098.shtml




*** Anonymous Document: Attacks on the FreeBSD Update Process ***
---------------------------------------------
An anonymous document describes in detail security vulnerabilities in the FreeBSD update system. Portsnap, Libarchive and Bspatch are affected. So far, fixes exist for only a few of the bugs. Similar attacks may also exist on Linux systems.
---------------------------------------------
http://www.golem.de/news/anonymes-dokument-angriffe-auf-den-freebsd-update-prozess-1608-122581-rss.html




*** Security: Hackers Crack 12 of 16 Smart Locks ***
---------------------------------------------
Two hackers were able to crack three quarters of the Bluetooth smart locks they examined - in places with hair-raisingly simple means. The manufacturers' reaction does not suggest much interest in doing anything about the problems.
---------------------------------------------
http://www.golem.de/news/sicherheit-hacker-knacken-12-von-16-smartlocks-1608-122589-rss.html




*** DFRWS EU/IMF 2017 ***
---------------------------------------------
DFRWS EU 2017 will be held in Überlingen, Lake Constance, Germany. This year brings together two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017). Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics.
---------------------------------------------
http://www.dfrws.org/conferences/dfrws-eu-2017




*** Fake PayLife Message: Your Credit Card Will Be Temporarily Restricted ***
---------------------------------------------
In an e-mail, criminals claim that PayLife customers must confirm their personal data. If they do not, they supposedly have to pay 89.95 euros. Recipients who comply with the request transmit sensitive credit card information to criminals.
---------------------------------------------
https://www.watchlist-internet.at/phishing/unechte-paylife-nachricht-ihre-kreditkarte-wird-vorlaeufig-eingeschraenkt/




*** Windows 10 Anniversary Update is infested with bugs ***
---------------------------------------------
Last month, I warned readers that Microsoft's Windows 10 Anniversary Update would likely be somewhat buggy and suggested consumers should wait awhile before installing it. Unfortunately, my advice proved valid. Windows 10 Anniversary Update infestation: There are widespread reports of significant bugs in the update, and they're causing systems to freeze, browsers to misbehave, and peripherals - including Xbox One controllers - to malfunction. Two major antivirus companies also warn that...
---------------------------------------------
http://www.cio.com/article/3104774/windows-security/windows-10-anniversary-update-is-infested-with-bugs.html#tk.rss_security




*** QuadRooter vulnerability: 5 things to know about this Android security scare ***
---------------------------------------------
Once again, it's Android security scare season. This morning news broke of the latest collection of vulnerabilities, discovered by security firm Check Point and grouped together under the catchy monicker "QuadRooter." As usual, most of the reporting has focused on worst-case scenarios and a shockingly huge number of potentially vulnerable devices - in this case, an estimated 900 million. We're going to break down exactly what's going on, and just how vulnerable you're likely to be.
---------------------------------------------
http://www.androidcentral.com/quadrooter-5-things-know-about-latest-android-security-scare




*** IPv6 router bug: Juniper spins out hotfix to thwart DDoS attacks ***
---------------------------------------------
Vulnerability common to devices routing IPv6; Cisco offered partial fix in July.
---------------------------------------------
http://arstechnica.com/security/2016/08/ipv6-router-bug-juniper-cisco-ddos-attacks/




*** Security Bulletin Posted for Adobe Experience Manager (APSB16-27) ***
---------------------------------------------
Adobe has published a Security Bulletin for Adobe Experience Manager (APSB16-27). Adobe recommends users apply the relevant hotfix to their product installation using the instructions referenced in the security bulletin. Adobe is not planning to issue a security update for Flash Player this...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1385




*** Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge




*** Foxit Reader Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1036558




*** Vuln: OpenSSH CVE-2016-6515 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/92212




*** Bugtraq: ESA-2016-070: RSA Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539157




*** Bugtraq: [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539159




*** Trend Micro Control Manager (TMCM) Multiple Vulnerabilities ***
---------------------------------------------
https://esupport.trendmicro.com/solution/en-US/1114749.aspx


*** Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) Multiple Vulnerabilities ***
---------------------------------------------
https://esupport.trendmicro.com/solution/en-US/1114746.aspx


*** Trend Micro Smart Protection Server (Standalone) Multiple Vulnerabilities ***
---------------------------------------------
https://esupport.trendmicro.com/solution/en-US/1114913.aspx




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: AppScan Source vulnerable to denial of service caused by an XML External Entity (CVE-2016-3033) ***
http://www.ibm.com/support/docview.wss?uid=swg21987326
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Buffer Overflow (CVE-2016-2946) ***
http://www.ibm.com/support/docview.wss?uid=swg21984578
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security affected by Cross Site Scripting (CVE-2016-2991) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985280
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729 CVE-2016-4463) ***
http://www.ibm.com/support/docview.wss?uid=swg21987267
---------------------------------------------
*** IBM Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7548, CVE-2015-8749 CVE-2015-1850) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024106
---------------------------------------------