[CERT-daily] Tageszusammenfassung - Donnerstag 15-12-2016

Thu Dec 15 18:18:46 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 14-12-2016 18:00 − Donnerstag 15-12-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** No More Ransom Project Expands with 34 New Partners, 32 New Free Decryption Tools ***
---------------------------------------------
The "No More Ransom" project, set up in July by Intel Security, Kaspersky Lab, Europol, and the Dutch National police to help victims of ransomware infections, has expanded today with 34 new partners, and 32 new decryptors that can help ransomware victims unlock their files for free. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/no-more-ransom-project-expands-with-34-new-partners-32-new-free-decryption-tools/


*** Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe ***
---------------------------------------------
Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/


*** Yahoo muss erneut Massenhack beichten: Eine Milliarde Opfer ***
---------------------------------------------
Im September hatte Yahoo einen Hack von über einer halben Milliarde Nutzerkonten bekanntgegeben. Den Rekord hat Yahoo nun gebrochen. Diesmal geht es um über eine Milliarde Konten. Dazu kommen gezielte Attacken mittels Cookies.
---------------------------------------------
https://heise.de/-3570674


*** Mobile Ransomware: How to Protect Against It ***
---------------------------------------------
In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, well discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other researchers, we hope to improve the industrys collective knowledge on mobile ransomware mitigation.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XaGWjnUqHoY/


*** DefCamp Romania 2016 Videos and Slides ***
---------------------------------------------
November 10-11, 2016, Bucharest, Romania
---------------------------------------------
https://def.camp/archives/2016/


*** The Kings in Your Castle, Pt #5 ***
---------------------------------------------
The last part in the article series about analyzing modern APTs deals with naming and attribution of APTs. This is far less trivial than it sounds. Analysts are often facing the same enemy all over again without realizing it.
---------------------------------------------
https://blog.gdatasoftware.com/2016/12/29379-the-kings-in-your-castle-pt-5


*** Sicherheitslücken: Updates auch für ältere macOS-Versionen ***
---------------------------------------------
Neben den in macOS Sierra und dem Browser Safari gestopften Schwachstellen hat Apple auch Sicherheits-Updates für OS X El Capitan und Yosemite veröffentlicht. Diese beheben eine kritische Schwachstelle.
---------------------------------------------
https://heise.de/-3572108


*** Ask Sucuri: How to Stop Brute Force Attacks? ***
---------------------------------------------
Again, there is no mystery to this: Enforce a strong password for all the users and a brute force attack will not succeed. The underlying problem, however, is a bit more complicated
---------------------------------------------
https://blog.sucuri.net/2016/12/ask-sucuri-how-to-stop-brute-force-attacks.html


*** A Backdoor in Skype for Mac OS X ***
---------------------------------------------
Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/


*** 5 Best Password Auditing Tools ***
---------------------------------------------
A single weak password exposes your entire network to an external threat. Password hacking is one of the most critical and commonly exploited network security threats. In many ways, passwords should be viewed as your first line of defense where protecting your company's data is concerned. The huge number of data breaches occurs because someone...
---------------------------------------------
http://resources.infosecinstitute.com/5-best-password-auditing-tools/


*** DFN-CERT-2016-2040: Netgear Router: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes mit Administratorrechten ***
---------------------------------------------
Version 3 (2016-12-15 15:42)
Der Hersteller aktualisiert den referenzierten Sicherheitshinweis und bestätigt auch die Verwundbarkeit von DSL-Modems mit den Modellnummern D6220 und D6400. Für alle verwundbaren WLAN- und DSL-Router stehen mittlerweile Firmwareupdates im Beta-Status als temporäre Lösung zur Verfügung. Netgear arbeitet weiter an einer Produktionsversion der Firmware für alle betroffenen Geräte.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2040/


*** Remote shell execution vulnerability affects Good Enterprise Mobility Server (BSRT-2016-008) ***
---------------------------------------------
This advisory addresses a remote shell execution vulnerability that has been discovered in Good Enterprise Mobility Server (GEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited by the requirement that a potential attacker possess access to the internal network and by the functionality of the Karaf command shell.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038814


*** Bugtraq: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539925


*** F5 Security Advisory: Kerberos vulnerability CVE-2014-4343 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15553.html?ref=rss


*** Sentinel 7.4 SP4 (Sentinel 7.4.4.0) Build 2904 ***
---------------------------------------------
Abstract: Sentinel 7.4.3 upgrade for Sentinel 7.4Document ID: 5264470Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:sentinel_server-7.4.4.0-2904.x86_64.tar.gz (1.74 GB)sentinel_server-7.4.4.0-2904.x86_64.tar.gz.sha256 (109 bytes)Products:SentinelSentinel 7.4.4Sentinel 7.XSentinel 7.2Sentinel 7.4Sentinel 7.3Sentinel 7.2.1Sentinel 7.2.2Sentinel 7.3.1Sentinel 7.3.2Sentinel 7.4.1Sentinel 7.4.2Sentinel 7.3.3Sentinel 7.4.3Sentinel 7.3.4Superceded Patches:Sentinel 7.4 SP3
---------------------------------------------
https://download.novell.com/Download?buildid=RaGN-vIdupQ~


*** Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161215-01-smartphone-en


*** SAP ***
---------------------------------------------
*** Vuln: SAP Mobile Defense & Security Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/94902
---------------------------------------------
*** Vuln: SAP HANA Cockpit Cross Site Scripting Vulnerability ***
http://www.securityfocus.com/bid/94897
---------------------------------------------
*** Vuln: SAP HANA Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/94898
---------------------------------------------
*** Vuln: SAP HANA XS Classic Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94896
---------------------------------------------
*** Vuln: SAP HANA Cockpit Information Disclosure Vulnerability ***
http://www.securityfocus.com/bid/94910
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances allow web pages to be stored locally (CVE-2016-3024) ***
http://www.ibm.com/support/docview.wss?uid=swg21995340
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021) ***
http://www.ibm.com/support/docview.wss?uid=swg21995436
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3023) ***
http://www.ibm.com/support/docview.wss?uid=swg21995348
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to incorrect permission assignment (CVE-2016-3022) ***
http://www.ibm.com/support/docview.wss?uid=swg21995360
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by cross-site scripting vulnerabilities (CVE-2016-3018) ***
http://www.ibm.com/support/docview.wss?uid=swg21995347
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to misconfiguration (CVE-2016-3017) ***
http://www.ibm.com/support/docview.wss?uid=swg21995519
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability related to code integrity checking (CVE-2016-3016) ***
http://www.ibm.com/support/docview.wss?uid=swg21995518
---------------------------------------------
*** IBM Security Bulletin: IBM Notes is affected with Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988182
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989337
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-3627) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991909
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995989
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSLaffect IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms ( CVE-2016-2183 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21995922
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-6316, CVE-2016-6317 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991913
---------------------------------------------
*** IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033) ***
http://www.ibm.com/support/docview.wss?uid=swg21995545
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991682
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affects IBM BigFix Compliance Analytics. (CVE-2016-3485, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991910
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046) ***
http://www.ibm.com/support/docview.wss?uid=swg21995527
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045) ***
http://www.ibm.com/support/docview.wss?uid=swg21995435
---------------------------------------------
*** IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3043) ***
http://www.ibm.com/support/docview.wss?uid=swg21995446
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991911
---------------------------------------------