[CERT-daily] Tageszusammenfassung - Mittwoch 24-08-2016

Wed Aug 24 18:14:49 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-08-2016 18:00 − Mittwoch 24-08-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** The SWEET32 Issue, CVE-2016-2183 ***
---------------------------------------------
Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183. This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website.
---------------------------------------------
https://www.openssl.org/blog/blog/2016/08/24/sweet32/


*** "Wildfire" Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free ***
---------------------------------------------
Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/


*** BSI veröffentlicht Update zu den Top 10 Bedrohungen für Industrial Control Systems ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik (BSI) beobachtet die Bedrohungslage für Industrial Control Systems deshalb kontinuierlich. Die schwerwiegendsten Gefahren sowie passende Gegenmaßnahmen fasst das BSI seit 2012 im Dokument "Industrial Control System Security - Top 10 Bedrohungen und Gegenmaßnahmen" zusammen. Für das Jahr 2016 hat das Bundesamt nun ein Update des Papiers herausgegeben.
---------------------------------------------
https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/infos/20160823_Update_ICS_Top10.html


*** NSA-Exploit ExtraBacon soll deutlich mehr Cisco-Firewalls bedrohen ***
---------------------------------------------
Untersuchungen von Sicherheitsforschern legen nahe, dass auch neuere Version der Cisco Adaptive Security Appliance (ASA) angreifbar sind.
---------------------------------------------
http://heise.de/-3303629


*** Privilege Escalation on Linux with Live examples ***
---------------------------------------------
Introduction One of the most important phase during penetration testing or vulnerability assessment is Privilege Escalation. During that step, hackers and security researchers attempt to find out a way (exploit, bug, misconfiguration) to escalate between the system accounts. Of course, vertical privilege escalation is the ultimate goal. For many security researchers, this is a fascinating...
---------------------------------------------
http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/


*** Forscher sehen Löcher in Apples iOS-Sandbox ***
---------------------------------------------
Die iOS-Sandbox weist Wissenschaftlern zufolge "bedenkliche Sicherheitslücken" auf, die Apps den eigentlich verwehrten Zugriff auf Nutzerdaten ermöglichen - und Eingriff ins System. Apple will die Schwachstellen offenbar mit iOS 10 schließen.
---------------------------------------------
http://heise.de/-3304068


*** VMSA-2016-0013 ***
---------------------------------------------
VMware Identity Manager and vRealize Automation updates address multiple security issues
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0013.html


*** Moxa OnCell Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for several vulnerabilities in Moxa's OnCell products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01


*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-ipv6-en
---------------------------------------------
*** Security Advisory - Weak Encryption Algorithm Vulnerability in Huawei Servers ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-server-en
---------------------------------------------
*** Security Advisory - XXE Vulnerability in the E9000 ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-e9000-en
---------------------------------------------
*** Security Advisory - Uncontrolled Format String Vulnerability on Multiple Products ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-vrp-en
---------------------------------------------
*** Security Advisory - Reset Password and Information Leak Vulnerabilities in Huawei UMA ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-02-uma-en
---------------------------------------------
*** Security Advisory - Two Command Injection Vulnerabilities in Huawei UMA ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-uma-en
---------------------------------------------
*** Security Advisory - Information Leak Vulnerability in Huawei FusionSphere Product ***
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160824-01-xenstore-en
---------------------------------------------