[CERT-daily] Tageszusammenfassung - Dienstag 22-03-2016

Tue Mar 22 18:10:18 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 21-03-2016 18:00 − Dienstag 22-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Moodle Bugs Let Remote Authenticated Users Obtain Potentially Sensitive Information and Bypass Security Restrictions and Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035333


*** Libxml2 Memory Allocation Error in xmlStringGetNodeList() Lets Remote Users Consume Excessive Memory Resources ***
---------------------------------------------
http://www.securitytracker.com/id/1035335


*** D-Link DWR-932 Authentication Bypass / Password Disclosure ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030115


*** AsusTEK asio.sys MSR Manipulation ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030116


*** Google slings critical patch at exploited Linux kernel root hole ***
---------------------------------------------
Android re-installation ahoy to sink privilege elevation that opens avenue for rooting apps Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices.
---------------------------------------------
www.theregister.co.uk/2016/03/22/google_slings_critcial_patch_at_exploited_linux_kernel_root_hole/


*** IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affects IBM Rational DOORS Next Generation ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21978747


*** IBM Security Bulletin: Lotus Quickr 8.5 for WebSphere Portal January 2016 CPU (CVE-2016-0448) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977579


*** Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2015-7575) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099195


*** IBM Security Bulletin: Vulnerability in Apache Cordova affects IBM MobileFirst Platform Foundation (CVE-2015-5256) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg2C1000109


*** Security Bulletin: Vulnerability in OpenSSH affects IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter (CVE-2015-5600) ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098977


*** Samba-Entwickler warnen vor Lücke auch in Windows ***
---------------------------------------------
Badlock heißt eine kritische Sicherheitslücke, die Samba-Entwickler in ihrer eigenen Software, aber auch in Windows entdeckt haben. Sie warnen die Betreiber solcher Server eindringlich, am 12. April Zeit für das Einspielen von Patches einzuplanen.
---------------------------------------------
http://heise.de/-3148379


*** Deluge of Apple Patches Fix iMessage Crypto Bug, Much More ***
---------------------------------------------
Apple deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV's tvOS, and watchOS on Monday.
---------------------------------------------
http://threatpost.com/deluge-of-apple-patches-fix-imessage-crypto-bug-much-more/116926/


*** "E-ISAC and SANS Report On The Ukrainian Grid Attack" ***
---------------------------------------------
Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons that can be learned from the event. The ..
---------------------------------------------
http://ics.sans.org/blog/2016/03/22/e-isac-and-sans-report-on-the-ukrainian-grid-attack


*** A look at Locky ransomware ***
---------------------------------------------
The Locky ransomware was first spotted in the wild last month in February 2016. Locky came to limelight when it hit the Hollywood Hospital last month causing the hospital to pay bitcoins worth 17,000$ USD in ransom. Locky is known to ..
---------------------------------------------
http://research.zscaler.com/2016/03/a-look-at-locky-ransomware.html