[CERT-daily] Tageszusammenfassung - Mittwoch 10-08-2016
Daily end-of-shift report
team at cert.at
Wed Aug 10 18:11:56 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 09-08-2016 18:00 − Mittwoch 10-08-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Fixing an Internet Security Threat ***
---------------------------------------------
A weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 enables attackers to hijack users' Internet communications completely remotely, researchers said.
---------------------------------------------
http://www.isssource.com/fixing-an-internet-security-threat/
*** August 2016 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library.
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/08/09/august-2016-security-update-release/
*** Microsoft Patch Tuesday, August 2016, (Tue, Aug 9th) ***
---------------------------------------------
Today, Microsoft released a total of 9 security bulletins. 5 of the bulletins are rated critical, the rest are rated important. You can find our usual summary here: https://isc.sans.edu/mspatchdays.html?viewday=2016-08-09(or via the API in various parsable formats) Some of the highlights: MS16-095/096: The usual Internet Explorer and Edge patches. Microsoft addresses nine vulnerabilities for Internet Explorer, and 8 for Edge. Note that there is a lot of overlap. Kind of makes you wonder how...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21357&rss
*** MSRT August 2016 release adds Neobar detection ***
---------------------------------------------
As part of our ongoing effort to provide better malware protection, the August 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detections for BrowserModifier: Win32/Neobar, unwanted software, and Win32/Rovnix, a trojan malware family. This blog discusses BrowserModifier:Win32/Neobar and its inclusion in MSRT supports our unwanted software family detections in Windows Defender, along...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/08/09/msrt-august-2016-release-adds-neobar-detection/
*** Kardinalfehler: Microsoft setzt aus Versehen Secure Boot Schachmatt ***
---------------------------------------------
Durch eine vergessene Debug-Funktion hat Microsoft jedem Administrator die Möglichkeit gegeben, Secure Boot auch aus der Ferne abzuschalten. Damit aber nicht genug der Peinlichkeiten: Zwei Versuche, die Lücke zu stopfen, scheiterten bereits.
---------------------------------------------
http://heise.de/-3291946
*** Google Chrome will beat Flash to death with a shovel: Why... wont... you... just... die! ***
---------------------------------------------
Adobe plugin completely snubbed for HTML5 By the end of the year, Google Chrome will block virtually all Flash content and make whatevers left click-to-play by default.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/08/09/google_chrome_55_flash/
*** Factsheet Use virtualisation wisely ***
---------------------------------------------
Virtualisation of ICT services ensures more efficient and flexible use of hardware. This factsheet is about specific risks that arise when you use virtual servers to outsource ICT services. Your virtual server has an unknown number of virtual neighbours on the host. By using the newly discovered Flip Feng Shui attack method, an attacker can penetrate a virtual neighbour or have it install malware. To date, an attacker could only eavesdrop on the activity of virtual neighbours. The success...
---------------------------------------------
https://www.ncsc.nl/english/current-topics/factsheets/factsheet-use-virtualisation-wisely.html
*** Research team presents Flip Feng Shui attack method at Usenix Security Symposium 2016 ***
---------------------------------------------
Researchers of the Vrije Universiteit Amsterdam and the Katholieke Universteit Leuven discovered a new attack method, known as Flip Feng Shui. This is the first attack method that enables an attacker to change the contents of the memory of another virtual server. In this way, he can directly attack the virtual server. Previously discovered attack methods, so-called side channels, aim to eavesdrop on a virtual server on the same host, and gain access to confidential information. On August the
---------------------------------------------
https://www.ncsc.nl/english/current-topics/news/researchteam-presents-flip-feng-shui-attack-method-at-usenix-security-symposium-2016.html
*** Verschlüsselung: Microsofts Edge und Internet Explorer 11 werfen RC4 über Bord ***
---------------------------------------------
Ab sofort öffnen die Webbrowser Edge und Internet Explorer 11 keine Webseiten mehr, die auf das RC4-Verschlüsselungsverfahren setzen. Das dafür nötige Update verteilt Microsoft aktuell.
---------------------------------------------
http://heise.de/-3291361
*** Verflixte Primzahlen: Eine subtile Hintertür im Diffie-Hellman-Schlüsselaustausch ***
---------------------------------------------
Benutzt der Diffie-Hellman-Schlüsselaustausch an der richtigen Stelle die falschen Primzahlen, kann ein Angreifer unter Umständen an die geheimen Schlüssel kommen. Das würde ihm erlauben etwa SSL-Verbindungen aufzubrechen.
---------------------------------------------
http://heise.de/-3289764
*** Determining the real economic impact of cyber-incidents: A mission (almost) impossible ***
---------------------------------------------
Today ENISA publishes a systematic review of studies on the economic impact of cyber-security incidents on critical information infrastructures (CII).
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/determining-the-real-economic-impact-of-cyber-incidents-a-mission-almost-impossible
*** IDG Contributor Network: Reach em and teach em--educating developers on application security ***
---------------------------------------------
How are developers supposed to build security throughout the development lifecycle if they are not taught security at any stage of their education? Vulnerabilities exist because products made by developers who have close to no knowledge of security are hitting the market. Rather than accept the idea that software will never be 100 percent secure, academia and industry leaders can be more proactive and teach developers how to think about application security.In a white paper, "App-Sec...
---------------------------------------------
http://www.csoonline.com/article/3105503/application-development/reach-em-and-teach-em-educating-developers-on-application-security.html#tk.rss_applicationsecurity
*** Security Advisory - A Security Vulnerability of Using Insecure Random Numbers to Generate Self-signed Certificates in Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160810-01-certificate-en
*** Security Advisory - Buffer Overflow Vulnerability in Huawei USG Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160810-01-usg-en
*** IBM Security Bulletin: XXE and XmlBomb vulnerability in FileNet Workplace (CVE-2016-3055) ***
---------------------------------------------
FileNet Workplace is susceptible to the XXE and XmlBomb vulnerability. CVE(s): CVE-2016-3055 Affected product(s) and affected version(s): FileNet Workplace 4.0.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21987128X-Force Database:...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21987128
*** IBM Security Bulletin: IBM Forms Experience Builder vulnerable to CSRF when configured with non default settings (CVE-2016-2884) ***
---------------------------------------------
A cross-site request forgery attack is possible when configured with non default settings, caused by improper validation of user-supplied input. CVE(s): CVE-2016-2884 Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5 IBM Forms Experience Builder 8.5.1 IBM Forms Experience Builder 8.6.x Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21987252
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-3426) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 and Version 8. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Rational Service Tester is only affected by one of these vulnerabilities. CVE(s): CVE-2016-3426 Affected product(s) and affected version(s): Rational Service Tester versions 8.3, 8.5, 8.6,...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21988456
*** IBM Security Bulletin: A security vulnerability in IBM Java Runtime affects IBM Cognos Planning (CVE-2016-3427) ***
---------------------------------------------
There are multiple vulnerabilities in IBM Runtime Environment Java Version 6 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in April 2016. CVE(s): CVE-2016-3427 Affected product(s) and affected version(s): IBM Cognos Planning 10.1 IBM Cognos Planning 10.1.1 Refer to the following reference URLs for...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21975745
More information about the Daily
mailing list