[CERT-daily] Daily summary - Friday 11-03-2016

Daily end-of-shift report team at cert.at
Fri Mar 11 18:11:15 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 10-03-2016 18:00 − Friday 11-03-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Locky Ransomware Spreading in Massive Spam Attack ***
---------------------------------------------
Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments.
---------------------------------------------
http://threatpost.com/locky-ransomware-spreading-in-massive-spam-attack/116727/




*** Uninstall or update: Adobe distributes emergency update for Flash ***
---------------------------------------------
It comes as no surprise: Adobe is once again releasing an emergency update for Flash Player. Anyone who has not already uninstalled it should install the update. Digital Editions and Adobe Reader are also being updated.
---------------------------------------------
http://www.golem.de/news/deinstallieren-oder-aktualisieren-adobe-rollt-notfall-update-fuer-flash-aus-1603-119691-rss.html




*** Security Afterworks Special: Secure your Enterprise - Innovative Microsoft security solutions in the enterprise and mobility environment ***
---------------------------------------------
April 18, 2016, 3:00 pm - 5:00 pm, Microsoft Österreich, Am Europlatz 3, Wien
---------------------------------------------
https://www.sba-research.org/events/security-afterworks-spezial-secure-your-enterprise-innovative-microsoft-security-losungen-im-enterprise-mobility-umfeld/




*** Files compromised by ransomware Trojan for OS X can be decrypted by Doctor Web ***
---------------------------------------------
March 11, 2016. At the beginning of March, numerous mass media outlets, websites, and blogs reported the emergence of the first ever ransomware for Mac computers. Doctor Web specialists examined this malicious program, which was named Mac.Trojan.KeRanger.2, and they have developed a method that can help to decrypt files affected by this Trojan. Mac.Trojan.KeRanger.2 was first detected in a compromised version of the installer for a popular OS X torrent client that was distributed as a DMG file.
---------------------------------------------
http://news.drweb.com/show/?i=9877&lng=en&c=9




*** Cerber Ransomware - New, But Mature ***
---------------------------------------------
We take a look at Cerber, Ransomware named after the mythical multi-headed dog...
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/03/cerber-ransomware-new-but-mature/




*** OpenSSH Security Advisory: x11fwd.adv ***
---------------------------------------------
Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).
---------------------------------------------
http://www.openssh.com/txt/x11fwd.adv




*** Cisco Gigabit Switch Router 12000 Series Routers Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160311-gsr




*** Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a vulnerability caused by an Institute of Electrical and Electronics Engineers (IEEE) conformance issue involving improper frame padding in Schneider Electric's Telvent SAGE 2300 and 2400 remote terminal units.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-070-01




*** VU#270232: Quagga bgpd with BGP peers enabled for VPNv4 contains a buffer overflow vulnerability ***
---------------------------------------------
Original release date: 10 Mar 2016 | Last revised: 10 Mar 2016
Overview: Quagga, version 0.99.24.1 and earlier, contains a buffer overflow vulnerability in bgpd with BGP peers enabled for VPNv4 that may be leveraged to gain code execution.
Description: CWE-121: Stack-based Buffer Overflow - CVE-2016-2342. Quagga is a software routing suite that implements numerous routing protocols for...
---------------------------------------------
http://www.kb.cert.org/vuls/id/270232




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Provisioning Manager for OS deployment and Tivoli Provisioning Manager for Images (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21978194
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM DataPower Gateways (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977460
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21978188
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of IBM DataPower Gateways (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974969
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the GSKit component of IBM DB2 LUW (CVE-2016-0201, CVE-2015-7420 & CVE-2015-7421) ***
http://www.ibm.com/support/docview.wss?uid=swg21977787
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability with the UML Vizualization tools ***
http://www.ibm.com/support/docview.wss?uid=swg21978003
---------------------------------------------
*** Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM)(CVE-2015-3200) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099226
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21978471
---------------------------------------------

