[CERT-daily] Tageszusammenfassung - Donnerstag 24-03-2016

Thu Mar 24 18:01:15 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 23-03-2016 18:00 − Donnerstag 24-03-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip


*** IBM Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21977574


*** Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC5022 16Gb SAN and EN4023 10Gb Scalable Switches ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273


*** Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for BladeCenter ***
---------------------------------------------
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272


*** Cisco Network Convergence System 6000 Series Routers SCP and SFTP Modules Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs


*** Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016030135


*** Measuring SMTP STARTTLS Deployment Quality ***
---------------------------------------------
At Yahoo, our users send and receive billions of emails everyday. We work to make Yahoo Mail easy to use, personalized, and secure for our hundreds of millions of users around the world. In line with our efforts to protect our users ..
---------------------------------------------
https://yahoo-security.tumblr.com/post/141495385400/measuring-smtp-starttls-deployment-quality


*** Kerberos Kadmind Null Pointer Dereference in process_db_args() Lets Remote Authenticated Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1035399


*** CA Single Sign-On Agent Input Validation Flaws Let Remote Users Obtain Potentially Sensitive Information and Cause Denial of Service Conditions ***
---------------------------------------------
http://www.securitytracker.com/id/1035389


*** Researchers find hole in SIP, Apple's newest protection feature ***
---------------------------------------------
System Integrity Protection pwned Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple's newest protection ..
---------------------------------------------
www.theregister.co.uk/2016/03/24/macosx_security_bypass/


*** Nemucods CRYPTED Ransomware Can Be Neutralized with This Decrypter ***
---------------------------------------------
Victims that had their computers locked by a ransomware that uses the CRYPTED file extension can now free their files using a special decrypter created by Emsisoft security ..
---------------------------------------------
http://news.softpedia.com/news/nemucod-s-crypted-ransomware-can-be-neutralized-with-this-decrypter-502102.shtml


*** RCE flaw affects DVRs sold by over 70 different vendor ***
---------------------------------------------
RSA security researcher Rotem Kerner has discovered a remote code execution vulnerability that affects digital video recorders (DVRs) sold by more than 70 different vendors around the world.
---------------------------------------------
https://www.helpnetsecurity.com/2016/03/24/rce-flaw-dvrs-70-vendors/


*** Erpressungs-Trojaner Petya riegelt den gesamten Rechner ab ***
---------------------------------------------
Eine neue Ransomware hat es aktuell auf deutschsprachige Windows-Nutzer abgesehen. Petya wird über Dropbox verteilt und manipuliert die Festplatte, wodurch das Betriebssystem nicht mehr ausgeführt werden kann.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-den-gesamten-Rechner-ab-3150917.html


*** VU#279472: Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities ***
---------------------------------------------
http://www.kb.cert.org/vuls/id/279472


*** RedDoor: Erpresser drohen mit DDoS-Attacken auf deutsche Webseiten ***
---------------------------------------------
Zahlt uns 3 Bitcoin oder wir legen eure Webseite lahm – mit dieser Drohung erpresst eine Gruppe gerade Firmen in Deutschland, Österreich und der Schweiz. Angeblich soll es sich dabei allerdings um einen Bluff handeln.
---------------------------------------------
http://heise.de/-3151565


*** Emergency Java Patch Re-Issued for 2013 Vulnerability ***
---------------------------------------------
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013.
---------------------------------------------
http://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability/116967/