[CERT-daily] Tageszusammenfassung - Freitag 22-01-2016
Daily end-of-shift report
team at cert.at
Fri Jan 22 18:10:03 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 21-01-2016 18:00 − Freitag 22-01-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Scanning for Fortinet ssh backdoor, (Thu, Jan 21st) ***
---------------------------------------------
On 11 Jan, a Python script was posted on the full-disclosure mailing list that took advantage of a hardcoded ssh password in some older versions of various products from Fortinet (see complete list in Ref [1] below). Looking at our collected ssh data, weve seen an increase in scanning for those devices in the days since the revelation of the vulnerability. Nearly all of this scanning has come from two IPs in China (124.160.116.194 and 183.131.19.18). So if you...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20635&rss
*** Unknown attackers are infecting home routers via dating sites ***
---------------------------------------------
Damballa researchers have spotted an active campaign aimed at infecting as many home routers possible with a worm. A variant of the TheMoon worm, it works by taking advantage of a weakness in the H...
---------------------------------------------
http://www.net-security.org/malware_news.php?id=3192
*** Security: Auch Kreditkarten mit Chip und PIN können kopiert werden ***
---------------------------------------------
Bislang war bekannt, dass Kreditkarten mit Magnetstreifen mit trivialen Mitteln kopierbar sind. Aktuelle Recherchen zeigen, dass auch Karten mit dem besser gesicherten Chip-und-PIN-Verfahren kopiert werden können - weil einige Banken schlampen.
---------------------------------------------
http://www.golem.de/news/security-auch-kreditkarten-mit-chip-und-pin-koennen-kopiert-werden-1601-118685-rss.html
*** Fraunhofer ESK: Skype ist Sicherheitsrisiko für Firmen ***
---------------------------------------------
Wissenschaftler des Fraunhofer-ESK-Instituts haben Microsofts Instant-Messaging-Dienst Skype untersucht und raten Firmen vom Einsatz ab. Vor allem wegen der Netzarchitektur und der Verschlüsselung haben sie Sicherheitsbedenken.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Fraunhofer-ESK-Skype-ist-Sicherheitsrisiko-fuer-Firmen-3082090.html
*** Extracting pcap from memory , (Fri, Jan 22nd) ***
---------------------------------------------
I have talked many times about memory forensics and how useful its. In this diary I am going to talk about how to extract a pcap file from a memory image using bulk_extractor. Of course when we are extracting a pcap file from a memory image we are going to not have everything but there will be some remanence that can help in our investigation bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20639&rss
*** Trojan.DNSChanger circumvents Powershell restrictions ***
---------------------------------------------
We take a close look at the functionality of a new variant of the DNS-changer adware family. Especially the use of encoded scripts as a way to bypass the Powershell execution protection.Categories: Security ThreatTags: adwarechangerdnsPieter Arntzpowershellrestrictedrestrictionstrojan(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/security-threat/2016/01/trojan-dnschanger-circumvents-powershell-restrictions/
*** Citrix XenServer Security Update for CVE-2016-1571 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host in certain deployments. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.
---------------------------------------------
https://support.citrix.com/article/CTX205496
*** Multiple Buffalo network devices vulnerable to cross-site scripting ***
---------------------------------------------
Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN49225722/
*** Multiple Buffalo network devices vulnerable to cross-site request forgery ***
---------------------------------------------
Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability.
---------------------------------------------
http://jvn.jp/en/jp/JVN09268287/
*** DSA-3451 fuse - security update ***
---------------------------------------------
Jann Horn discovered a vulnerability in the fuse (Filesystem inUserspace) package in Debian. The fuse package ships an udev ruleadjusting permissions on the related /dev/cuse character device, makingit world writable.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3451
*** DFN-CERT-2016-0129: NTP: Eine Schwachstelle ermöglicht das Erlangen von Administratorrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0129/
*** DFN-CERT-2016-0125: Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe und das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0125/
*** USN-2879-1: rsync vulnerability ***
---------------------------------------------
Ubuntu Security Notice USN-2879-121st January, 2016rsync vulnerabilityA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryrsync could be made to write files outside of the expected directory.Software description rsync - fast, versatile, remote (and local) file-copying tool DetailsIt was discovered that rsync incorrectly handled invalid filenames. Amalicious server could use this issue to write files outside of...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2879-1/
*** CAREL PlantVisor Enhanced Authentication Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authorization bypass vulnerability in CAREL's PlantVisor application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-021-01
*** Security Advisory: NTP vulnerabilities CVE-2015-5194 and CVE-2015-5195 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02360853.html?ref=rss
*** Bugtraq: January 2016 - Bamboo - Critical Security Advisory ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537347
More information about the Daily
mailing list