[CERT-daily] Tageszusammenfassung - Dienstag 5-07-2016

Daily end-of-shift report team at cert.at
Tue Jul 5 18:08:37 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 04-07-2016 18:00 − Dienstag 05-07-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** EU: 450 Millonen Euro für Cyberkriminalitäts-Forschung ***
---------------------------------------------
Im Kampf gegen Cyberkriminalität will die EU-Kommission bis 2020 insgesamt 450 Millionen Euro an Forschungsausgaben bereitstellen.
---------------------------------------------
http://futurezone.at/digital-life/eu-450-millonen-euro-fuer-cyberkriminalitaets-forschung/208.008.419




*** Word hole patched in 2012 is unchallenged king of Office exploits ***
---------------------------------------------
Its 2016, people, even the pirates have patched Possibly the most exploited unchallenged Microsoft Office vulnerability of the last decade was found and patched in 2012.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/05/magento_vulns/




*** Getting ready for the European Cyber Security Month (ECSM) ***
---------------------------------------------
ENISA together with the European Commission and its partners are preparing for this year's cyber security month running across the EU during October, focusing each week on a different topic.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/getting-ready-for-the-european-cyber-security-month-ecsm




*** Emulating and Exploiting Firmware binaries - Offensive IoT Exploitation series ***
---------------------------------------------
Welcome to the third post in the "Offensive IoT Exploitation" series. In the previous one, we learned about how we can get started with analyzing firmware and extracting file systems. In this post, we will take it a step further by analyzing individual binaries from firmware, and even exploiting commonly found vulnerabilities. There are two...
---------------------------------------------
http://resources.infosecinstitute.com/emulating-and-exploiting-firmware-binaries-offensive-iot-exploitation-series/




*** Exploiting Format Strings: Getting the Shell ***
---------------------------------------------
In this article, we will have a look at how to exploit format String vulnerabilities to get a shell. Overview: In this article, we will briefly have a look at how to overwrite specific memory location, how to inject our shellcode in current memory of program and further overwrite the some desired memory address to...
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-format-strings-getting-the-shell/




*** 85 Millionen Android-Geräte von HummingBad-Malware befallen ***
---------------------------------------------
HummingBad rootet Geräte und klickt auf Werbebanner, warnen Sicherheitsforscher. Das bringe den Kriminellen 300.000 US-Dollar im Monat ein. In Deutschland sollen zehntausende Geräte infiziert sein.
---------------------------------------------
http://heise.de/-3254664




*** SSD Advisory - Wget Arbitrary Commands Execution ***
---------------------------------------------
A vulnerability in the way wget handles redirects allows attackers that are able to hijack a connection initiated by wget or compromise a server from which wget is downloading files from, would allow them to cause the user running wget to execute arbitrary commands.
---------------------------------------------
https://blogs.securiteam.com/index.php/archives/2701




*** Paper: New Keylogger on the Block ***
---------------------------------------------
In a new paper published by Virus Bulletin, Sophos researcher Gabor Szappanos takes a look at the KeyBase keylogger, sold as a commercial product and popular among cybercriminals who use it in Office exploit kits.  Read more...
---------------------------------------------
https://www.virusbulletin.com/blog/2016/07/paper-new-keylogger-block/




*** Lenovo ThinkPwn UEFI exploit also affects products from other vendors ***
---------------------------------------------
A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology.An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPUs privileged SMM (System Management Mode).This level of access can then be used to install a stealthy rootkit inside the computers Unified Extensible Firmware Interface (UEFI) -- the modern BIOS -- or...
---------------------------------------------
http://www.csoonline.com/article/3091753/security/lenovo-thinkpwn-uefi-exploit-also-affects-products-from-other-vendors.html#tk.rss_applicationsecurity




*** Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979), (Tue, Jul 5th) ***
---------------------------------------------
Apache released an important update today to fix a vulnerability that affects servers that have http/2 enabled and use TLS client certificates for authentication. Apache 2.4.18-20 are vulnerable if: - TLS certificates are used for authenticating clients (look for the SSLVerifyClient require directive in your configuration file) - http/2 is enabled. (see if the Protocols line includes h2 and/or h2c).">tshark -Y ssl.handshake.extensions_alpn_str == h2 -n -i en0 \ -T fields -e ip.src -e...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21223&rss




*** Unechte Amazon-Nachricht: Rechnung uber Ihre Verkaeufergebuehren ***
---------------------------------------------
Kriminelle versenden vermeintliche Amazon-Benachrichtigungen. Darin behaupten sie, dass eine Steuerrechnung verfügbar sei. Interessenten, die diese einsehen wollen, sollen einen Dateianhang öffnen und ihre persönlichen Zugangsdaten bekannt geben. Dabei handelt es sich um einen Datendiebstahlsversuch.
---------------------------------------------
https://www.watchlist-internet.at/phishing/unechte-amazon-nachricht-rechnung-uber-ihre-verkaeufergebuehren/




*** (Windows) Syslog Server "npriority" field remote Denial of Service vulnerability ***
---------------------------------------------
Bug Description: Syslog Server 1.2.3 is a free syslog server for Windows systems. The syslog server cannot handle the content of the npriority field well, whereupon the server may be collapsed by receiving a customized packet.
---------------------------------------------
http://www.securityfocus.com/archive/1/538836




*** VU#690343: Acer Portal app for Android does not properly validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#690343 Acer Portal app for Android does not properly validate SSL certificates Original Release date: 05 Jul 2016 | Last revised: 05 Jul 2016   Overview The Acer Portal app for Android allows customers to connect to the Acer Cloud. The Acer Portal app, from version 3.9.3.2003 to 3.9.3.2006, does not properly validate SSL certificates when connecting to the Acer Cloud.  Description CVE-2016-5648 - CWE-295: Improper Certificate ValidationThe Acer Portal app for Android, from
---------------------------------------------
http://www.kb.cert.org/vuls/id/690343




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Workload Scheduler (CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176) ***
http://www.ibm.com/support/docview.wss?uid=swg21985850
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Tivoli Netcool/Reporter ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986007
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000114
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in NPM affects IBM API Connect (CVE-2016-3956, CVE-2016-2537, CVE-2016-2515) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986144
---------------------------------------------


More information about the Daily mailing list