[CERT-daily] Daily summary - Monday 29-02-2016

Daily end-of-shift report team at cert.at
Mon Feb 29 18:14:37 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 26-02-2016 18:00 − Monday 29-02-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Fixing the Internet's routing security is urgent and requires collaboration ***
---------------------------------------------
The Internet is fragile. Many of its protocols were designed at a time when the goal was rapid network expansion based on trust among operators. Today, the Internet's open nature is what makes it so great for business, education and communication, but the absence of security mechanisms at its core is something that criminals are eager to exploit. In late January, traffic to many IP (Internet Protocol) addresses of the U.S. Marine Corps was temporarily diverted through an ISP in Venezuela.
---------------------------------------------
http://www.cio.com/article/3038752/fixing-the-internets-routing-security-is-urgent-and-requires-collaboration.html




*** Angler Exploit Kit Learns New Tricks, Finds Home On Popular Website ***
---------------------------------------------
Angler Exploit evaded detection through new technique that bypasses Firefox and Chrome security protection.
---------------------------------------------
http://threatpost.com/angler-exploit-kit-learns-new-tricks-finds-home-on-popular-website/116509/




*** HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer ***
---------------------------------------------
As I'm generally quite occupied with my day job as Director of R&D at Synack, the weekend is when I finally have some free time to blog. This weekend I wasn't sure what I'd write about until @osxreverser tweeted late Friday afternoon:...
---------------------------------------------
https://objective-see.com/blog/blog_0x0D.html




*** The rise of polymorphic malware ***
---------------------------------------------
97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless. The data collected by Webroot throughout 2015 shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information. Countering these threats requires an innovative approach to attack detection that leverages advanced techniques and...
---------------------------------------------
https://www.helpnetsecurity.com/2016/02/29/the-rise-of-polymorphic-malware/




*** ATMZombie: banking trojan in Israeli waters ***
---------------------------------------------
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware ever to steal money from Israeli banks. The incident the Israeli banks experienced involved a very fascinating and innovative method of stealing the money.
---------------------------------------------
http://securelist.com/blog/research/73866/atmzombie-banking-trojan-in-israeli-waters/




*** Increasing the resilience of Europe's telecommunication infrastructures through Incident Reporting ***
---------------------------------------------
A recent ENISA report analyses how mandatory incident reporting schemes have improved resilience and security in the EU telecoms sector. Experiences from this scheme can also serve as a model for the implementation of the forthcoming NIS Directive in other sectors.
---------------------------------------------
https://www.enisa.europa.eu/media/press-releases/increasing-the-resilience-of-europe2019s-telecommunication-infrastructures-through-incident-reporting




*** Security: 85 percent of SSL VPNs have insecure configurations ***
---------------------------------------------
Numerous SSL VPNs secure their users' traffic only inadequately, according to a security firm. Many providers are said to still use SHA-1 or MD5. In addition, around 10 percent of the services are reportedly vulnerable to Heartbleed.
---------------------------------------------
http://www.golem.de/news/security-85-prozent-der-ssl-vpns-haben-unsichere-konfigurationen-1602-119450-rss.html




*** Click fraud: Trojan family repeatedly infiltrates Google Play ***
---------------------------------------------
Android users currently need to beware of free apps that pose as popular games. Behind them are click-fraud apps that crooks use to cash in.
---------------------------------------------
http://heise.de/-3120091




*** Cyber-Attack Against Ukrainian Critical Infrastructure ***
---------------------------------------------
On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine. This report provides an account of the events that took place based on interviews with company personnel.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01




*** OpenSSL CVE-2016-0799: heap corruption via BIO_printf ***
---------------------------------------------
There are a couple of issues with OpenSSL's BIO_*printf() functions, defined in crypto/bio/b_print.c, that are set to be fixed in the forthcoming security release. The function that is primarily responsible for interpreting the format string and transforming this string and the function's arguments into a string is _dopr().
---------------------------------------------
https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/




*** VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks ***
---------------------------------------------
Vulnerability Note VU#419128: IKE/IKEv2 protocol implementations may allow network amplification attacks. Original Release date: 29 Feb 2016 | Last revised: 29 Feb 2016. Overview: Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description: CWE-406: Insufficient Control of Network Message Volume (Network Amplification). IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios, an amplification of up to 900%...
---------------------------------------------
http://www.kb.cert.org/vuls/id/419128




*** F5 Security Advisory: libpng out-of-bounds read vulnerability CVE-2015-7981 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/21/sol21057235.html?ref=rss




*** APPLE-SA-2016-02-25-1 Apple TV 7.2.1 ***
---------------------------------------------
APPLE-SA-2016-02-25-1 Apple TV 7.2.1. Apple TV 7.2.1 is now available and addresses the following: bootp. Available for: Apple TV (3rd Generation). Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed. Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID: CVE-2015-3778 : Piers...
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Feb/msg00000.html




*** Access Governance Suite 6.0-6.4 ***
---------------------------------------------
Abstract: README for HTML Fragment Privilege Escalation Vulnerability E-Fix. E-Fix Deliverable: AGS-SV-eFix022416.zip. Document ID: 5236850. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: AGS-SV-eFix022416.zip (3.83 kB), AGS-SV-eFix022416-CHECKSUM.txt (99 bytes). Products: Access Governance 6.4, Access Governance 6.1, Access Governance 6.2, Access Governance 6.3. Superseded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=Tft9udlb11s~




*** D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow ***
---------------------------------------------
Topic: D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow. Risk: High. Text: Hello, We'd like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discove...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020224




*** Bugtraq: [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537637




*** Cisco Videoscape Distribution Suite for Internet Streaming TCP Session Handling Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is




*** Citrix Security Advisory for glibc Vulnerability CVE-2015-7547 ***
---------------------------------------------
A vulnerability has been recently disclosed in the glibc getaddrinfo() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue has been assigned the following CVE identifier:...
---------------------------------------------
https://support.citrix.com/article/CTX206991




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM WebSphere MQ Internet Pass-Thru (CVE-2015-7575) ***
2016-02-26T13:23:47-05:00
http://www.ibm.com/support/docview.wss?uid=swg21977517
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Functional Tester (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976947
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights (Applicable CVEs: CVE-2015-7575, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21976080
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0262) ***
http://www.ibm.com/support/docview.wss?uid=swg21977828
---------------------------------------------
*** IBM Security Bulletin: Current releases of the IBM SDK, Java Technology Edition are affected by CVE-2016-0603 ***
http://www.ibm.com/support/docview.wss?uid=swg21977549
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-8320) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000091
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448) ***
http://www.ibm.com/support/docview.wss?uid=swg21976366
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448) ***
http://www.ibm.com/support/docview.wss?uid=swg21976442
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime Version 6 affects IBM Cognos Business Viewpoint (CVE-2015-7575 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21977407
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view work logs during purchase orders that they should not have access to (CVE-2016-0222) ***
http://www.ibm.com/support/docview.wss?uid=swg21976949
---------------------------------------------
*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Switches (CVE-2015-3194, CVE-2015-3195) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099199
---------------------------------------------
*** IBM Security Bulletin: Insecure Transmission Vulnerability with IBM InfoSphere Information Server (CVE-2015-7490) ***
http://www.ibm.com/support/docview.wss?uid=swg21975827
---------------------------------------------
*** IBM Security Bulletin: libpng related security vulnerabilities identified in IBM Expeditor (CVE-2015-7981, CVE-2015-8126, CVE-2015-8540, CVE-2015-8472) ***
http://www.ibm.com/support/docview.wss?uid=swg21975904
---------------------------------------------
*** IBM Security Bulletin: Sensitive data lingers in memory on the WebSphere DataPower XC10 Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg21971658
---------------------------------------------
*** IBM Security Bulletin: Sensitive data lingers in memory on the WebSphere eXtreme Scale server ***
http://www.ibm.com/support/docview.wss?uid=swg21971657
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance denial of service vulnerability (CVE-2015-5286) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021122
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance security vulnerability (CVE-2015-5251) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021121
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Nova denial of service vulnerability (CVE-2015-3280) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021120
---------------------------------------------