[CERT-daily] Tageszusammenfassung - Donnerstag 11-02-2016

Daily end-of-shift report team at cert.at
Thu Feb 11 18:16:27 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 10-02-2016 18:00 − Donnerstag 11-02-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Critical bug found in Cisco ASA products, attackers are scanning for affected devices ***
---------------------------------------------
Several Cisco Adaptive Security Appliance (ASA) products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code exec...
---------------------------------------------
http://www.net-security.org/secworld.php?id=19427




*** Some notes on VirusTotal. ***
---------------------------------------------
Many of you are probably familiar with VirusTotal, a service that allows you to scan a file or URL using multiple antivirus and URL scanners. VirusTotal results are often used in write-ups about...read moreThe post Some notes on VirusTotal. appeared first on Webroot Threat Blog.
---------------------------------------------
http://www.webroot.com/blog/2016/02/09/some-notes-on-virustotal/




*** Seo-moz.com SEO Spam Campaign ***
---------------------------------------------
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These links and keywords help the spam websites to rank higher in search engines like Google, sending evenRead More The post Seo-moz.com SEO Spam Campaign appeared first on Sucuri Blog.
---------------------------------------------
https://blog.sucuri.net/2016/02/seo-moz-com-seo-spam-campaign.html




*** Malvertising Via Skype Delivers Angler ***
---------------------------------------------
A recent malvertising campaign shows that platforms that display ads, even when they are not necessarily the browser, are not immune to the attack. An example of a popular non-browser application that shows ads is Skype. These images would be familiar to avid Skype users. This did not really bother us much until last night, when we...
---------------------------------------------
https://labsblog.f-secure.com/2016/02/10/malvertising-via-skype-delivers-angler/




*** Tomcat IR with XOR.DDoS, (Thu, Feb 11th) ***
---------------------------------------------
Apache Tomcat is a java based web service that is used for different applications. While you may have it running in your environment, you may not be familiar with its workings to provide adequate incident response "> "> ">0 S root 31847 1 0 80 0 - 1124641 futex_ 2015 ? 02:36:33 /usr/bin/java -classpath /usr/share/apache-tomcat-7.0.65/bin/bootstrap.jar ">Here you can see that it is running from /usr/share/apache-tomcat-7.0.65. ">The Tomcat configurations
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20721&rss




*** Building automation systems are so bad IBM hacked one for free ***
---------------------------------------------
Remote sites owned as router, controller and server all fall to pen-test team An IBM-led penetration testing team has thoroughly owned an enterprise building management network in a free assessment designed to publicise the horrid state of embedded device security.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/02/11/building_automation_systems_so_bad_ibm_hacked_one_for_free/




*** How Malware Detects Virtualized Environment, and its Countermeasures - An Overview ***
---------------------------------------------
Virtual Machines are usually considered a good way to analyze malware as they can provide an isolated environment for the malware to trigger but their actions can be controlled and intercepted. However, modern age malware detects their environment in which they are running, and if they detect they are running in VM, they sustain their...
---------------------------------------------
http://resources.infosecinstitute.com/how-malware-detects-virtualized-environment-and-its-countermeasures-an-overview/




*** DFN-CERT-2016-0252: Cisco Adaptive Security Appliance Software: Eine Schwachstelle ermöglicht die Übernahme der Systemkontrolle ***
---------------------------------------------
Eine Schwachstelle in der Cisco Adaptive Security Appliances Software ermöglicht einem entfernten, nicht authentifizierten Angreifer beliebigen Programmcode auszuführen und so die Kontrolle über ein betroffenes System zu übernehmen, auch ist die Durchführung eines Denial-of-Service-Angriffs möglich.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0252/




*** ZDI-16-163: Dell SonicWALL GMS Virtual Appliance Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-163/




*** ZDI-16-164: Dell SonicWALL GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-164/




*** Cisco Spark Representational State Transfer Interface Information Disclosure Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp2




*** Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp1




*** Cisco Spark Representational State Transfer Interface Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp3




*** Cisco Advanced Malware Protection and Email Security Appliance Proxy Engine Security Bypass Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160211-esaamp




*** Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates ***
---------------------------------------------
A number of vulnerabilities have been identified in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway that could allow a malicious, unprivileged user to perform privileged operations or execute commands.
---------------------------------------------
https://support.citrix.com/article/CTX206001




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023318
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in curl affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023307
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Tivoli Storage Manager Operations Center and Tivoli Storage Manager Client Management Service (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976362
---------------------------------------------
*** IBM Security Bulletin:Security Bulletin: Vulnerability in IBM Java Runtime affect AppScan Source (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976569
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023298
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Linux Kernel affects PowerKVM (CVE-2016-0728) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023279
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSL affects IBM Netezza Platform Software clients (CVE-2015-3194) ***
http://www.ibm.com/support/docview.wss?uid=swg21976419
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Commons Collections security vulnerabilities (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21975793
---------------------------------------------
*** IBM Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2015-7417) ***
http://www.ibm.com/support/docview.wss?uid=swg21976218
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM JAVA Runtime affect AppScan Source (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21976159
---------------------------------------------


More information about the Daily mailing list