[CERT-daily] Tageszusammenfassung - Mittwoch 7-12-2016
Daily end-of-shift report
team at cert.at
Wed Dec 7 18:11:44 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 06-12-2016 18:00 − Mittwoch 07-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Onlinewerbung: Forscher stoppen monatelange Malvertising-Kampagne ***
---------------------------------------------
Über eine Malvertising-Kampagne ist in den vergangenen Monaten Schadcode verteilt worden. Die Macher des Stegano-Exploit-Kits versteckten dabei unsichtbare Pixel in Werbeanzeigen und nutzen Exploits in Flash und dem Internet Explorer.
---------------------------------------------
http://www.golem.de/news/onlinewerbung-forscher-stoppen-monatelange-malvertising-kampagne-1612-124928-rss.html
*** Petya-Variante: Goldeneye-Ransomware verschickt überzeugende Bewerbungen ***
---------------------------------------------
Kurz vor dem Jahresende gibt es erneut eine größere Ransomware-Kampagne in Deutschland. Kriminelle verschicken mit Goldeneye professionell aussehende Bewerbungen an Personalabteilungen - und nutzen möglicherweise Informationen des Arbeitsamtes.
---------------------------------------------
http://www.golem.de/news/petya-variante-goldeneye-ransomware-verschickt-ueberzeugende-bewerbungen-1612-124940-rss.html
*** Kriminelle könnten Daten von Visa-Kreditkarten vergleichsweise einfach erraten ***
---------------------------------------------
In einer Studie zeigen Sicherheitsforscher, wie sie CVV-Nummern und andere Kreditkarten-Daten in wenigen Sekunden erraten und damit anschließend Geld überweisen.
---------------------------------------------
https://heise.de/-3564898
*** Flash Exploit Found in Seven Exploit Kits ***
---------------------------------------------
An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.
---------------------------------------------
http://threatpost.com/flash-exploit-found-in-seven-exploit-kits/122284/
*** Explained: Domain Generating Algorithm ***
---------------------------------------------
Domain Generating Algorithms are in use by cyber criminals to prevent their servers from being blacklisted or taken down. The algorithm produces random looking domain names. The idea is that two machines using the same algorithm will contact the same domain at a given time.Categories: Security world TechnologyTags: algorithmdgadomainDomain Generating AlgorithmgeneratinggenerationPieter Arntz(Read more...)
---------------------------------------------
https://blog.malwarebytes.com/security-world/2016/12/explained-domain-generating-algorithm/
*** Attacking NoSQL applications, (Tue, Dec 6th) ***
---------------------------------------------
In last couple of years, the MEAN stack (MongoDB, Express.js, Angular.js and Node.js) became the stack of choice for many web application developers. The main reason for this popularity is the fact that the stack supports both client and server side programs written in JavaScript, allowing easy development. The core database used by the MEAN stack, MongoDB, is a NoSQL database program that uses JSON-like documents with dynamic schemas allowing huge flexibility. Although NoSQL databases are not...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21787&rss
*** MSRT December 2016 addresses Clodaconas, which serves unsolicited ads through DNS hijacking ***
---------------------------------------------
In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we continue taking down unwanted software, the pesky threats that force onto our computers things that we neither want nor need. BrowserModifier:Win32/Clodaconas, for instance, displays ads when you're browsing the internet. It modifies search results pages so that you see unsolicited ads related to your...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/12/06/msrt-december-2016-addresses-clodaconas-which-serves-unsolicited-ads-through-dns-hijacking/
*** Unrestricted Backend Login Method Seen in OpenCart ***
---------------------------------------------
>From the attacker's perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them to regain access easily, if needed. However, we recently found a unique way to achieve this kind of breach.
---------------------------------------------
https://blog.sucuri.net/2016/12/unrestricted-backend-login.html
*** Crims using anti-virus exclusion lists to send malware to where it can do most damage ***
---------------------------------------------
When vendors tell you what to whitelist, crims are reading too Advanced malware writers are using anti-virus exclusion lists to better target victims, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
*** Deep Analysis of the Online Banking Botnet TrickBot ***
---------------------------------------------
TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and Ireland, to name a few.
---------------------------------------------
http://blog.fortinet.com/2016/12/06/deep-analysis-of-the-online-banking-botnet-trickbot
*** Debugging war story: the mystery of NXDOMAIN ***
---------------------------------------------
The following blog post describes a debugging adventure on Cloudflares Mesos-based cluster. This internal cluster is primarily used to process log file information so that Cloudflare customers have analytics, and for our systems that detect and respond to attacks.The problem encountered didnt have any effect on our customers,
---------------------------------------------
https://blog.cloudflare.com/debugging-war-story-the-mystery-of-nxdomain/
*** Popular smart toys violate children's privacy rights? ***
---------------------------------------------
My Friend Cayla and i-Que, two extremely popular "smart" toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children's) rights to security and privacy, researchers have found. The toys come with companion apps, and the latter use services by Nuance Communications, a company headquartered in Massachussetts that specializes in voice-and speech-recognition services for a variety of industries.
---------------------------------------------
https://www.helpnetsecurity.com/2016/12/07/smart-toys-privacy-rights/
*** Bugtraq: [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539883
*** Security Advisory - Privilege Escalation Vulnerability in Some Huawei Storage Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-01-storage-en
*** Security Advisory - Dirty COW Vulnerability in Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-01-dirtycow-en
*** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161207-01-smartphone-en
*** Tesla Gateway ECU Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a Gateway ECU vulnerability in Teslas Model S automobile.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01
*** Locus Energy LGate Command Injection Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a command injection vulnerability in Locus Energy's LGate application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: Python urllib and urllib2 library vulnerability CVE-2016-5699 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/10/sol10420455.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1839 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/26/sol26422113.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1840 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/14/sol14614344.html?ref=rss
---------------------------------------------
*** Security Advisory: PHP vulnerability CVE-2016-7127 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/89/sol89002224.html?ref=rss
---------------------------------------------
*** Security Advisory: PHP vulnerabilities CVE-2016-6288 and CVE-2016-6289 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34985231.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2016-1838 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71926235.html?ref=rss
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1
---------------------------------------------
*** Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1
---------------------------------------------
*** Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa
---------------------------------------------
*** Cisco Firepower Management Center Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc
---------------------------------------------
*** Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm
---------------------------------------------
*** Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca
---------------------------------------------
*** Cisco Identity Services Engine Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1
---------------------------------------------
*** Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise
---------------------------------------------
*** Cisco IOS XR Software Default Credentials Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr
---------------------------------------------
*** Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf
---------------------------------------------
*** Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr
---------------------------------------------
*** Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509
---------------------------------------------
*** Cisco IOS Frame Forwarding Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios
---------------------------------------------
*** Cisco Intercloud Fabric Director Static Credentials Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf
---------------------------------------------
*** Cisco Hybrid Media Service Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms
---------------------------------------------
*** Cisco FirePOWER Malware Protection Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr
---------------------------------------------
*** Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower
---------------------------------------------
*** Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp
---------------------------------------------
*** Cisco Expressway Series Software Security Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway
---------------------------------------------
*** Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1
---------------------------------------------
*** Cisco Email Security Appliance and Web Security Appliance Content Filter Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa
---------------------------------------------
*** Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur
---------------------------------------------
*** Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm
---------------------------------------------
*** Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons
---------------------------------------------
*** Cisco Emergency Responder Directory Traversal Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
---------------------------------------------
*** Cisco Emergency Responder Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer
---------------------------------------------
*** Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf
---------------------------------------------
*** Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
---------------------------------------------
*** Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1
---------------------------------------------
*** Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr
---------------------------------------------
Next End-of-Shift report: 2016-12-09
More information about the Daily
mailing list