[CERT-daily] Tageszusammenfassung - Dienstag 7-06-2016

Tue Jun 7 18:08:17 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 06-06-2016 18:00 − Dienstag 07-06-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Gezielte Trojaner-Mails mit persönlichen Daten aus dem LinkedIn-Hack ***
---------------------------------------------
Aktuell kursieren gefälschte Rechnungen mit Trojaner im Gepäck, die sich LinkedIn-Daten zunutze machen und deswegen plausibel wirken.
---------------------------------------------
http://heise.de/-3228473


*** Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript ***
---------------------------------------------
This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks, McAfee Labs has observed a huge increase in spam related to Locky, a new ransomware threat spread via spam campaigns. The contents of the spam email are carefully crafted to lure victims using social engineering...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/locky-ransomware-hides-under-multiple-obfuscated-layers-of-javascript/


*** Threat Actors Employ COM Technology in Shellcode to Evade Detection ***
---------------------------------------------
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it is one of the fundamental architectures in Windows. From the security point of view, several "features" built into COM have lead to many security vulnerabilities. These features include ActiveX (an Internet Explorer plug-in technology), the...
---------------------------------------------
https://blogs.mcafee.com/mcafee-labs/threat-actors-employ-com-technology-shellcode-evade-detection/


*** FastPOS malware exfiltrates data immediately after harvesting it ***
---------------------------------------------
POS malware might have taken a backseat when ransomware became the go-to malware for many cyber crooks, but stealing payment card information to effect fraudulent transactions is still a lucrative business. Trend Micro researchers have recently analyzed a new POS malware family sporting some interesting functionalities. One of these is what made them dub the threat FastPOS: the malware does not wait to collect a batch of data and then send it periodically to the...
---------------------------------------------
https://www.helpnetsecurity.com/2016/06/07/fastpos-malware/


*** Check your BITS, because deleting malware might not be enough ***
---------------------------------------------
Attackers are abusing the Windows Background Intelligent Transfer Service (BITS) to re-infect computers with malware after theyve been already cleaned by antivirus products.The technique was observed in the wild last month by researchers from SecureWorks while responding to a malware incident for a customer. The antivirus software installed on a compromised computer detected and removed a malware program, but the computer was still showing signs of malicious activity at the network level.
---------------------------------------------
http://www.cio.com/article/3080016/check-your-bits-because-deleting-malware-might-not-be-enough.html#tk.rss_security


*** Android gets patches for serious flaws in hardware drivers and media server ***
---------------------------------------------
The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers.The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel leading to a permanent device compromise. Similar...
---------------------------------------------
http://www.csoonline.com/article/3079726/security/android-gets-patches-for-serious-flaws-in-hardware-drivers-and-media-server.html#tk.rss_applicationsecurity


*** Android Security Bulletin - June 2016 ***
---------------------------------------------
[...] The most severe issue is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
---------------------------------------------
https://source.android.com/security/bulletin/2016-06-01.html


*** BlackBerry powered by Android Security Bulletin - June 2016 ***
---------------------------------------------
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available build, as outlined in the Available Updates section.
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038209


*** NTP.org ntpd is vulnerable to denial of service and other vulnerabilities ***
---------------------------------------------
NTP.orgs reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTPs security advisory listing and in the individual links below.
---------------------------------------------
https://www.kb.cert.org/vuls/id/321640


*** DFN-CERT-2016-0840: IPv6-Protokoll: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ***
---------------------------------------------
Version 1 (2016-05-26 11:34) Neues Advisory Version 2 (2016-05-27 09:49) Cisco aktualisiert die referenzierte Sicherheitsmeldung [...] Version 3 (2016-06-01 11:36) Cisco aktualisiert die referenzierte Sicherheitsmeldung [...] Version 4 (2016-06-03 14:31) Cisco aktualisiert cisco-sa-20160525-ipv6 und weist darauf hin, dass es sich nicht um einen Cisco spezifischen Fehler handelt, [...] Version 5 (2016-06-06 15:12) Juniper Networks informiert darüber, dass EX4300, EX4600, QFX3500 und QFX5100...
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0840/


*** Bugtraq: [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538612


*** Bugtraq: [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538611


*** Bugtraq: [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538610


*** IBM Security Bulletin: Path Traversal affects IBM Security Guardium Database Activity Monitor (CVE-2016-0298) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. CVE(s): CVE-2016-0298 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981749


*** IBM Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs) ***
---------------------------------------------
IBM Security Guardium is vulnerable to several possible remote attacks CVE(s): CVE-2015-4881, CVE-2015-7181, CVE-2015-7981, CVE-2013-1981, CVE-2015-3416, CVE-2015-2730, CVE-2015-7704, CVE-2015-3238, CVE-2015-5312, CVE-2015-5288 Affected product(s) and affected version(s): IBM Security Guardium V10 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981747X-Force Database:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981747


*** IBM Security Bulletin: Cacheable SSL Page vulenrability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0237) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor contains locally cached browser data, that could allow a local attacker to obtain sensitive information. CVE(s): CVE-2016-0237 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21981631X-Force Database:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981631


*** IBM Security Bulletin: Use of Hard-coded Cryptographic Key vulenrability affects IBM Security Guardium Database Activity Monitor (CVE-2016-0235) ***
---------------------------------------------
IBM Security Guardium Database Activity Monitor uses a hard-coded password for the which is available to the administrator or a user with root access. This password could be used across other GRUB systems. CVE(s): CVE-2016-0235 Affected product(s) and affected version(s): IBM Security Guardium Database Activity Monitor V10 Refer to the following reference URLs for remediation...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21981748


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Streams (CVE-2016-0466, CVE-2016-0448) ***
---------------------------------------------
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases. If you run your own Java code using the IBM Java...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983436


*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8317) ***
---------------------------------------------
There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. CVE(s): CVE-2015-8317 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21983370


*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM MQ Advanced Message Security (AMS) on IBM i. IBM MQ has addressed the applicable CVEs. CVE(s): CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 Affected product(s) and affected version(s): IBM MQ 8.0 Advanced Message Security (AMS) on IBM i only Fix Pack 8.0.0.4...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21983823


*** IBM Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819) ***
---------------------------------------------
IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of Libxml2 (CVE-2015-1819) CVE(s): , CVE-2015-1819 Affected product(s) and affected version(s): IBM InfoSphere Streams Version 1.2.1.0 IBM InfoSphere Streams Version 2.0.0.4 and earlier IBM InfoSphere Streams Version 3.0.0.5 and earlier IBM InfoSphere Streams Version 3.1.0.7 and earlier IBM InfoSphere...
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21981066


*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2107) ***
---------------------------------------------
OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM BigFix Remote Control. IBM BigFix Remote Control has addressed the applicable CVEs. CVE(s): CVE-2016-2107 Affected product(s) and affected version(s): IBM BigFix Remote Control version 9.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin:...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21984111