[CERT-daily] Daily Summary - Thursday 18-08-2016

Daily end-of-shift report team at cert.at
Thu Aug 18 18:06:05 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 17-08-2016 18:00 − Thursday 18-08-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Cisco Firepower Management Center Remote Command Execution Vulnerability ***
---------------------------------------------
A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc




*** Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic




*** Security Afterworks – Best of Summer of Security Conferences ***
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-best-of-summer-of-security-conferences/




*** Cookie Parser Buffer Overflow Vulnerability ***
---------------------------------------------
FortiGate firmware (FOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when exploited by a crafted HTTP request, can result ..
---------------------------------------------
http://fortiguard.com/advisory/cookie-parser-buffer-overflow-vulnerability




*** Browser Address Bar Spoofing Vulnerability Disclosed ***
---------------------------------------------
Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar.
---------------------------------------------
http://threatpost.com/browser-address-bar-spoofing-vulnerability-disclosed/119951/




*** Panelizer - Moderately Critical - Access Bypass - SA-CONTRIB-2016-048 ***
---------------------------------------------
https://www.drupal.org/node/2785687




*** Panels - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-047 ***
---------------------------------------------
https://www.drupal.org/node/2785631




*** Hosting - Less Critical - Access bypass - SA-CONTRIB-2016-046 ***
---------------------------------------------
https://www.drupal.org/node/2785531




*** Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp




*** Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, local attacker to create a denial of service (DoS) condition or potentially ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli




*** Cisco Patches ASA Zero Days Exposed by ShadowBrokers ***
---------------------------------------------
Cisco today patched two vulnerabilities in its Adaptive Security Appliance that were leaked in the ShadowBrokers data dump of Equation Group exploits.
---------------------------------------------
http://threatpost.com/cisco-patches-asa-zero-days-exposed-by-shadowbrokers/119965/




*** 1 compromised site - 2 campaigns, (Thu, Aug 18th) ***
---------------------------------------------
Earlier today, I ran across a compromised website with injected script from both the pseudo-Darkleech campaign and the EITest campaign. This is similar to another compromised site I reported back in June ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21381




*** DSA-3649 gnupg - security update ***
---------------------------------------------
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3649




*** Bitcoin targeted by state sponsored attackers says Bitcoin.org ***
---------------------------------------------
Bitcoin Core devs don't know about threat, advise usual signatures and hash checks Update Bitcoin.org is warning that the Bitcoin Core, the as-close-to-official-as-it-gets version of ..
---------------------------------------------
www.theregister.co.uk/2016/08/18/bitcoin_targeted_by_state_sponsored_attackers_say_bitcoin_devs/




*** PayPal patches 2FA portal bug ***
---------------------------------------------
Attacker could log in to account without triggering confirmation text PayPal has patched a two-factor authentication (2FA) bug that could have let an attacker bypass its login processes.
---------------------------------------------
www.theregister.co.uk/2016/08/18/paypal_patches_2fa_portal_bug/




*** If this headline was a security warning 90% of you would ignore it ***
---------------------------------------------
Boffins find interrupting users with pop-ups in the middle of things just doesn't work Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users.
---------------------------------------------
www.theregister.co.uk/2016/08/18/coding_pop_ups_hit_em_when_theyre_idling_university_boffins_say/




*** Counterfeit software: Bitcoin feels attacked by states ***
---------------------------------------------
Manipulated Bitcoin software? The project apparently assumes so. In a blog post, the developers warn of state-sponsored attacks on the upcoming release. The project also gives users guidance.
---------------------------------------------
http://www.golem.de/news/gefaelschte-software-bitcoin-fuehlt-sich-durch-staaten-angegriffen-1608-122771.html




*** Let's Encrypt ups rate limits ***
---------------------------------------------
20 is plenty Let's Encrypt has revised its rate limits to make life easier for large organisations and hosting providers who use its services.
---------------------------------------------
www.theregister.co.uk/2016/08/18/lets_encrypt_clarifies_rate_limit_rules/




*** The Shadow Brokers EPICBANANAS and EXTRABACON Exploits ***
---------------------------------------------
On August 15th, 2016, Cisco was alerted to information posted online by the “Shadow Brokers”, which claimed to possess disclosures from the Equation Group. The files included exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls.
---------------------------------------------
https://blogs.cisco.com/security/shadow-brokers




*** Locky Targets Hospitals In Massive Wave Of Ransomware Attacks ***
---------------------------------------------
A massive wave of Locky ransomware delivered via DOCM attachments is targeting the healthcare sector this month.
---------------------------------------------
http://threatpost.com/locky-targets-hospitals-in-massive-wave-of-ransomware-attacks/119981/

