[CERT-daily] Daily summary - Monday 11-07-2016
Daily end-of-shift report
team at cert.at
Mon Jul 11 18:08:27 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 08-07-2016 18:00 - Monday 11-07-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Researchers Develop A Way To Stop Ransomware By Watching The Filesystem ***
---------------------------------------------
An anonymous reader quotes a report from Phys.Org: Ransomware -- what hackers use to encrypt your computer files and demand money in exchange for freeing those contents -- is an exploding global problem with few solutions, but a team of University of Florida researchers says it has developed a way to stop it dead in its tracks. The answer, they say, lies not in keeping it out of a computer but rather in confronting it once it's there ...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Z6eYMxY95mo/researchers-develop-a-way-to-stop-ransomware-by-watching-the-filesystem
*** BMW's ConnectedDrive is full of holes ***
---------------------------------------------
One of the vulnerabilities concerns the registration of vehicles by vehicle identification number (VIN). The check intended for this step can be bypassed, exposing the configuration data of other vehicles. This reportedly allows not only playlists, e-mail accounts, routes and traffic information to be manipulated, but also vehicles to be locked and unlocked.
---------------------------------------------
http://heise.de/-3262756
*** Researchers Find Over 6,000 Compromised Redis Installations ***
---------------------------------------------
An anonymous Slashdot reader writes: Security researchers have discovered over 6,000 compromised installations of Redis, the open source in-memory data structure server, among the tens of thousands of Redis servers indexed by Shodan. "By default, Redis has no authentication or security mechanism enabled, and any security mechanisms must be implemented by the end user."
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/UFahhS2H-bU/researchers-find-over-6000-compromised-redis-installations
*** Polycom HDX 7000 Series Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
The web client does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser.
---------------------------------------------
http://www.securitytracker.com/id/1036261
*** Lessons Learned from Industrial Control Systems, (Sun, Jul 10th) ***
---------------------------------------------
However, like many of you, I have certain business-critical systems running on legacy hardware or requiring now-unsupported Operating Systems. These are the systems that you can't patch, or that even if they experience a compromise, you can't immediately shut them down. How do you secure networks with such constraints?
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21243&rss
*** Industrial cybersecurity threat landscape ***
---------------------------------------------
Expansion of the Internet makes ICS easier prey to attackers. The number of ICS components available over the Internet increases every year. Taking into account that initially many ICS solutions and protocols were designed for isolated environments, such availability often provides a malicious user with multiple capabilities to cause impact to the infrastructure behind the ICS due to lack of security controls.
---------------------------------------------
http://securelist.com/analysis/publications/75343/industrial-cybersecurity-threat-landscape/
*** System Management Mode (SMM) BIOS Vulnerability ***
---------------------------------------------
Lenovo Security Advisory: LEN-8324
Potential Impact: Execution of code in SMM by an attacker with local administrative access
Severity: High
Scope of Impact: Industry-wide
Update as of 7/7/2016: The "Product Impact" section of this advisory (below) has been updated.
---------------------------------------------
https://support.lenovo.com/ch/en/solutions/LEN-8324
*** D-Link announces security patch for several product series ***
---------------------------------------------
Security researchers have discovered a vulnerability in a D-Link webcam that allows attackers to overwrite the administrator password. The vulnerability is reported to affect further products from the manufacturer as well.
---------------------------------------------
http://heise.de/-3263433
*** Reports of a new extortion wave using iPhone remote lock ***
---------------------------------------------
Attackers are apparently once again using 'Find My iPhone' to lock devices remotely. According to the threat, the iPhone will only be released after payment of a ransom.
---------------------------------------------
http://heise.de/-3263761
*** Cisco Adaptive Security Appliance Access Control List ICMP Echo Request Code Filtering Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software implementation of access control list (ACL) permit and deny filters for ICMP Echo Reply messages could allow an unauthenticated, remote attacker to bypass ACL configurations for an affected device. ICMP traffic that should be denied may instead be allowed through an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160711-asa
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect Rational Insight ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986564
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986563
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Tomcat affects Rational Insight (CVE-2015-5174) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986559
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache Tomcat affects Rational Reporting for Development Intelligence (CVE-2015-5174) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986558
---------------------------------------------
*** IBM Security Bulletin: The IBM BigFix Platform has a cross-site scripting vulnerability (CVE-2016-0269) ***
http://www.ibm.com/support/docview.wss?uid=swg21985734
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Tivoli / Security Directory Server ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986452
---------------------------------------------