[CERT-daily] Daily Summary - Friday 8-07-2016

Daily end-of-shift report team at cert.at
Fri Jul 8 18:09:08 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 07-07-2016 18:00 − Friday 08-07-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Pentesters (and Attackers) Love Internet Connected Security Cameras!, (Wed, Jul 6th) ***
---------------------------------------------
A recent story making the rounds in both the infosec and public press is the recent use of internet-connected security cameras as a base for DDOS attacks. They don't have a lot of CPU, but they're Linux platforms that are easily hackable, never get updated and usually have good bandwidth available to them. This shouldn't come as any surprise to folks who are in the security business, or those who do any kind of a product eval before they plug new gear into their network. I see security cameras on...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21231&rss




*** D-Link Wi-Fi Camera Flaw Extends to 120 Products ***
---------------------------------------------
A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company.
---------------------------------------------
http://threatpost.com/d-link-wi-fi-camera-flaw-extends-to-120-products/119097/




*** Zero-day flaw lets hackers tamper with your car through BMW portal ***
---------------------------------------------
Researchers have disclosed zero-day vulnerabilities affecting the BMW web domain and ConnectedDrive portal which remain unpatched and open to attack. According to researchers from Vulnerability Labs, there are two main bugs both related to the BMW online service web app for ConnectedDrive, the connected car hub for new, internet-connected vehicles produced by the automaker.
---------------------------------------------
http://www.zdnet.com/article/hackers-can-tamper-with-car-registration-through-bmw-connected-car-portal/




*** CryptXXX, Cryptobit Ransomware Spreading Through Campaign ***
---------------------------------------------
Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.
---------------------------------------------
http://threatpost.com/cryptxxx-cryptobit-ransomware-spreading-through-campaign/119116/




*** BMW ConnectedDrive flaws could be misused to tamper with car settings ***
---------------------------------------------
Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive: The first one is a client-side cross-site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work.
---------------------------------------------
https://www.helpnetsecurity.com/2016/07/08/bmw-connecteddrive-flaws/




*** BSI situation dossier explains crypto trojans ***
---------------------------------------------
In 35 pages, the BSI explains what ransomware is all about, which families are how widespread, and how to keep the things at bay.
---------------------------------------------
http://heise.de/-3262333




*** Keydnap: Mac malware aims to steal passwords from the keychain ***
---------------------------------------------
The malware, disguised as a harmless file, uses a trick to try to obtain the user's password. With root privileges, Keydnap then goes hunting for the passwords stored in the OS X keychain.
---------------------------------------------
http://heise.de/-3262501




*** 1,025 Wendy's Locations Hit in Card Breach ***
---------------------------------------------
At least 1,025 Wendy's locations were hit by a malware-driven credit card breach that began in the fall of 2015, the nationwide fast-food chain said Thursday. The announcement marks a significant expansion in a data breach that is costing banks and credit unions plenty: Previously, Wendy's had said the breach impacted fewer than 300 locations.
---------------------------------------------
http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/




*** Dropping Elephant APT Targets Old Windows Flaws ***
---------------------------------------------
Dropping Elephant, an advanced persistent threat group, is using old exploits to target unpatched versions of Windows in a highly effective cyber espionage campaign.
---------------------------------------------
http://threatpost.com/dropping-elephant-apt-targets-old-windows-flaws/119123/




*** Initiative in the Bundesrat: Tougher action against botnet crime ***
---------------------------------------------
Anyone who breaks into a house can be held accountable for trespassing or theft. According to a legislative initiative, anyone who gains access to someone else's computer should expect something similar.
---------------------------------------------
http://heise.de/-3262684




*** Security Advisories Relating to Symantec Products - Symantec Client IDS Driver PE File Memory Corruption Denial of Service ***
---------------------------------------------
Symantec's Client Intrusion Detection System (CIDS) driver may cause a system crash when interacting with a specifically-crafted Portable Executable file.
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_01




*** Security Advisories Relating to Symantec Products - Symantec Workspace Streaming and Workspace Virtualization Path Traversal and Arbitrary File Read ***
---------------------------------------------
Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) management consoles were susceptible to a path traversal in a file download configuration file that could allow a malicious user who could access the vulnerable file to view unauthorized application files of specific file types. An authenticated console user could manipulate this same file to read any file on the host system. This could potentially provide additional information for staging additional attacks on the...
---------------------------------------------
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160707_00




*** WECON LeviStudio Buffer Overflow Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for buffer overflow vulnerabilities in WECON's LeviStudio software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-01




*** Moxa Device Server Web Console Authorization Bypass Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an authorization bypass vulnerability in Moxa's Device Server Web Console.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-189-02




*** Security Advisory - Two Buffer Overflow Vulnerabilities in Wi-Fi Driver of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160708-01-smartphone-en




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects ProtecTIER (CVE-2016-2108) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1007982
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986473
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Oracle Outside In Technology affects IBM Rational DOORS Next Generation (CVE-2016-3455) ***
http://www.ibm.com/support/docview.wss?uid=swg21985994
---------------------------------------------
*** IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985736
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099423
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects IBM Rational Team Concert GIT Integration (CVE-2016-2865) ***
http://www.ibm.com/support/docview.wss?uid=swg21985865
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Libcurl affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2016-0755) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099424
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099425
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426
---------------------------------------------

