[CERT-daily] Tageszusammenfassung - Donnerstag 10-03-2016
Daily end-of-shift report
team at cert.at
Thu Mar 10 18:07:20 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 09-03-2016 18:00 − Donnerstag 10-03-2016 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** First Principles for Network Defenders: A Unified Theory for Security Practitioners ***
---------------------------------------------
Great thinkers like Aristotle, Descartes and Elon Musk have said that, in order to solve really hard problems, you have to get back to first principles. First principles in a designated ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2016/03/first-principles-for-network-defenders-a-unified-theory-for-security-practitioners/
*** DSA-3509 rails - security update ***
---------------------------------------------
Two vulnerabilities have been discovered in Rails, a web applicationframework written in Ruby. Both vulnerabilities affect Action Pack, whichhandles the web requests for Rails.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3509
*** Powershell Malware - No Hard drive, Just hard times, (Wed, Mar 9th) ***
---------------------------------------------
ISC Reader Eric Volking submitted a very nice sample of some Powershell based malware. Lets take a look! The malware starts inthe traditional way, by launching itself with an ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20823
*** Bugtraq: [CORE-2016-0004] - SAP Download Manager Password Weak Encryption ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537746
*** Bugtraq: [CORE-2016-0003] - Samsung SW Update Tool MiTM ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537750
*** DSA-3512 libotr - security update ***
---------------------------------------------
Markus Vervier of X41 D-Sec GmbH discovered an integer overflowvulnerability in libotr, an off-the-record (OTR) messaging library, inthe way how the sizes of portions of incoming messages were stored. Aremote attacker can exploit this ..
---------------------------------------------
https://www.debian.org/security/2016/dsa-3512
*** DSA-3511 bind9 - security update ***
---------------------------------------------
https://www.debian.org/security/2016/dsa-3511
*** Security Advisory: BIND vulnerability CVE-2016-2088 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59692558.html
*** Security Advisory: BIND vulnerability CVE-2016-1285 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46264120.html
*** Security Advisory: BIND vulnerability CVE-2016-1286 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/62/sol62012529.html
*** Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015 ***
---------------------------------------------
When a PDF is uploaded in Scald File, various tools can be executed if theyre installed on the server, to try to generate a thumbnail out of that PDF.This is mitigated by the need to have the sufficient permissions to upload a file in Scald, ..
---------------------------------------------
https://www.drupal.org/node/2684601
*** Ransomware: "Von Zahlungen ist abzuraten" ***
---------------------------------------------
DDoS-Attacken, CEO-Frauds und Ransomware: Angriffe auf Firmen nehmen zu. Die futurezone hat den Sicherheitsexperten Michael Krausz dazu befragt.
---------------------------------------------
http://futurezone.at/digital-life/ransomware-von-zahlungen-ist-abzuraten/184.023.865
*** Erpressungs-Trojaner: Time-Machine-Backups anfällig ***
---------------------------------------------
Die Entwickler der OS-X-Ransomware KeRanger haben auch Time-Machine-Backups als Angriffsziel erwogen. Tatsächlich ist es möglich, selbst ohne Admin-Rechte Dokumente in der Datensicherung zu verändern.
---------------------------------------------
http://heise.de/-3131762
*** TRUST 2016, organized by SBA Research ***
---------------------------------------------
August 29, 2016 - August 30, 2016 - All Day Vienna University of Technology Gußhausstraße 27-29 Vienna
---------------------------------------------
https://www.sba-research.org/events/trust-2016-organized-by-sba-research/
*** Kritische Lücke in Jabber-Verschlüsselung OTR ***
---------------------------------------------
Das Protokoll Off-the-Record (OTR) und dessen Umsetzung galt als eigentlich als recht sicher. Doch jetzt entdeckten Forscher eine kritische Lücke, die es Angreifern erlaubt, eigenen Code einzuschleusen und auszuführen. Updates schließen das Loch.
---------------------------------------------
http://heise.de/-3130396
*** PlugX malware: A good hacker is an apologetic hacker ***
---------------------------------------------
Sometimes malware writers put messages in their malware. We found one such message in PlugX dropper. And it was pretty melodramatic ..
---------------------------------------------
http://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/
*** [R4] OpenSSL 20160301 Advisory Affects Tenable Nessus ***
---------------------------------------------
https://www.tenable.com/security/tns-2016-03
*** Apple Software Update 2.2 ***
---------------------------------------------
Impact: An attacker in a privileged network position may be able to control the contents of the updates window
---------------------------------------------
https://support.apple.com/en-us/HT206091
*** Vulnerabilities in multiple third party TYPO3 CMS extensions ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path disclosure vulnerabilities, multiple XSS vulnerabilities, insecure password generation in JavaScript.
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-007/
*** Security: Drown gefährdet weiterhin zahlreiche Webdienste ***
---------------------------------------------
Wie schnell patchen Serverbetreiber die Drown-Sicherheitslücke? Offenbar zu langsam, sagen mehrere Sicherheitsfirmen. Bei Heartbleed lief es deutlich besser.
---------------------------------------------
http://www.golem.de/news/security-drown-gefaehrdet-weiterhin-zahlreiche-webdienste-1603-119682.html
*** Android mobile banking trojan uses layered defenses to avoid removal ***
---------------------------------------------
Researchers at ESET have spotted a new Android banking trojan that camouflages itself as a legitimate mobile banking app, but instead of giving access to a persons bank account it steals login credentials.
---------------------------------------------
http://www.scmagazine.com/android-mobile-banking-trojan-uses-layered-defenses-to-avoid-removal/article/482174/
*** Cisco Prime LAN Management Solution Default Decryption Key Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
*** Security Updates Available for Adobe Flash Player (APSB16-08) ***
---------------------------------------------
A Security Bulletin (APSB16-08) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1327
More information about the Daily
mailing list