[CERT-daily] Tageszusammenfassung - Mittwoch 20-01-2016

Wed Jan 20 18:20:04 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 19-01-2016 18:00 − Mittwoch 20-01-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Survey shows many businesses aren't encrypting private employee data ***
---------------------------------------------
Many companies arent encrypting their own employees private data, according to a Sophos survey of IT decision makers in six countries.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/01/19/survey-shows-many-businesses-arent-encrypting-private-employee-data/


*** Android Malware Steals Voice-Based Two-Factor Authentication Codes (January 13 and 18, 2016) ***
---------------------------------------------
Symantec has detected malware created for Android devices that steals single-use passcodes generated to add a layer of security to online banking authentication procedures...
---------------------------------------------
http://www.sans.org/newsletters/newsbites/r/18/5/201


*** Dridex banking malware adds a new trick ***
---------------------------------------------
Dridex, the banking malware that wont go away, has been improved upon once again.IBMs X-Force researchers have found that the latest version of Dridex uses a DNS (Domain Name System) trick to direct victims to fake banking websites.The technique, known as DNS cache poisoning, involves changing DNS settings to direct someone asking for a legitimate banking website to a fake site.DNS cache poisoning is a powerful attack. Even if a person types in the correct domain name for a bank, the fake...
---------------------------------------------
http://www.cio.com/article/3024244/dridex-banking-malware-adds-a-new-trick.html


*** /tmp, %TEMP%, ~/Desktop, T:\, ... A goldmine for pentesters!, (Wed, Jan 20th) ***
---------------------------------------------
When you are performing a penetration test, you need to learn how your target is working: What kind of technologies and tools are used, how internal usernames are generated, email addresses format, ... Grabbing for such information is called the reconnaissance phase. Once you collected enough details, you can prepare your different scenarios to attack the target.All pentesters have their personal toolbox that has been enhanced day after day. In many cases, there is no real magic: to abuse or...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20631&rss


*** Critical Patch Update: Oracle stellt 248 Sicherheitspatches bereit ***
---------------------------------------------
Die bislang größte Sicherheitsptach-Sammlung von Oracle ist da und fixt Lücken in Database, Java, MySQL und Co. Dieses Mal steht Oracles E-Business Suite im Mittelpunkt.
---------------------------------------------
http://heise.de/-3077692


*** Apple Releases Patches for iOS, OS X and Safari ***
---------------------------------------------
Apple released security updates for iOS, OS X and Safari, patching a number of kernel-level code-execution vulnerabilities.
---------------------------------------------
http://threatpost.com/apple-releases-patches-for-ios-os-x-and-safari/115946/


*** Trojan for Android preinstalled on Phillips s307 firmware ***
---------------------------------------------
January 20, 2016 The past year was marked by a big number of firmware Trojans for Android capable to covertly download and install various software and display annoying advertisements. Android.Cooee.1 incorporated into the graphical shell of some cheap Chinese smartphones was one of them. Virus makers obviously continued to preinstall Android.Cooee.1 into mobile devices. This time, however, Doctor Web security researchers detected the Trojan on firmware of a well-known electronics manufacturer.
---------------------------------------------
http://news.drweb.com/show/?i=9792&lng=en&c=9


*** Primes, parameters and moduli ***
---------------------------------------------
First a brief history of Diffie-Hellman for those not familiar with it The short version of Diffie-Hellman is that two parties (Alice and Bob) want to share a secret so they can encrypt their communications and talk securely without an...
---------------------------------------------
https://securityblog.redhat.com/2016/01/20/primes-parameters-and-moduli/


*** Serious flaw patched in Intel Driver Update Utility ***
---------------------------------------------
A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.The tool, known as the Intel Driver Update Utility, can be downloaded from Intels support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.
---------------------------------------------
http://www.cio.com/article/3024345/serious-flaw-patched-in-intel-driver-update-utility.html


*** Cisco Guide to Harden Cisco IOS Devices ***
---------------------------------------------
This document contains information to help you secure your Cisco IOS system devices, which increases the overall security of your network. Structured around the three planes into which functions of a network device can be categorized, this document provides an overview of each included feature and references to related documentation.
---------------------------------------------
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html


*** Security Advisory: BIND vulnerability CVE-2015-8704 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/53/sol53445000.html?ref=rss


*** Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle ***
---------------------------------------------
Topic: Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle Risk: Medium Text:1. Advisory Information Title: Intel Driver Update Utility MiTM Advisory ID: CORE-2016-0001 Advisory URL: http://www.cores...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016010119


*** Oracle Critical Patch Update Advisory - January 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html


*** Oracle Linux Bulletin - January 2016 ***
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html


*** HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS) ***
---------------------------------------------
A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure.
---------------------------------------------
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270


*** Xen Security Advisory CVE-2016-1571 / XSA-168 ***
---------------------------------------------
VMX: intercept issue with INVLPG on non-canonical address
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-168.html


*** Xen Security Advisory CVE-2016-1570 / XSA-167 ***
---------------------------------------------
PV superpage functionality missing sanity checks
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-167.html


*** Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036


*** Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm


*** DFN-CERT-2016-0109: Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0109/


*** DFN-CERT-2016-0106: NTP: Mehrere Schwachstellen ermöglichen u.a. das Darstellen falscher Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0106/


*** APPLE-SA-2016-01-19-3 Safari 9.0.3 ***
---------------------------------------------
APPLE-SA-2016-01-19-3 Safari 9.0.3Safari 9.0.3 is now available and addresses the following:WebKitAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,OS X El Capitan v10.11 to v10.11.2Impact: Visiting a maliciously crafted website may lead to arbitrarycode execution [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00004.html


*** APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 ***
---------------------------------------------
APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update2016-001OS X El Capitan 10.11.3 and Security Update 2016-001 is now availableand addresses the following:AppleGraphicsPowerManagementAvailable for: OS X El Capitan v10.11 to v10.11. [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00003.html


*** APPLE-SA-2016-01-19-1 iOS 9.2.1 ***
---------------------------------------------
APPLE-SA-2016-01-19-1 iOS 9.2.1iOS 9.2.1 is now available and addresses the following:Disk ImagesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withkernel privileges [...]
---------------------------------------------
http://prod.lists.apple.com/archives/security-announce/2016/Jan/msg00002.html


*** DSA-3449 bind9 - security update ***
---------------------------------------------
It was discovered that specific APL RR data could trigger an INSISTfailure in apl_42.c and cause the BIND DNS server to exit, leading to adenial-of-service.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3449


*** Siemens OZW672 and OZW772 XSS Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a cross-site scripting vulnerability in Siemens OZW672 and OZW772 devices.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-019-01


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model V840 (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005584
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM FlashSystem model 840 (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005585
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2016-0777, CVE-2016-0778) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000044
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM SAN Volume Controller and Storwize Family (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005583
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Express for UNIX (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974473
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Sterling Connect:Direct for UNIX (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21974888
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM WebSphere MQ (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974466
---------------------------------------------
*** IBM Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2015-7488) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005580
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2015-8027, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=swg21974459
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Scale (CVE-2015-4843, CVE-2015-4805, CVE-2015-4810, CVE-2015-4806, CVE-2015-4871, CVE-2015-4902) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005579
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-4872 CVE-2015-4911 CVE-2015-4893 CVE-2015-4803) ***
http://www.ibm.com/support/docview.wss?uid=swg21974673
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SD affect Guardium Data Reduction ***
http://www.ibm.com/support/docview.wss?uid=swg21973724
---------------------------------------------
*** IBM Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=swg21971951
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express. ***
http://www.ibm.com/support/docview.wss?uid=swg21972376
---------------------------------------------