[CERT-daily] Tageszusammenfassung - Freitag 6-05-2016

Fri May 6 18:16:42 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 04-05-2016 18:00 − Freitag 06-05-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Microsoft to retire support for SHA1 certificates in the next 4 months ***
---------------------------------------------
The lock icon will be gone by summer; sites using SHA1 to be blocked come January.
---------------------------------------------
http://arstechnica.com/security/2016/05/microsoft-to-retire-support-for-sha1-certificates-in-the-next-4-months/


*** Österreich auf der Suche nach Nachwuchs-Hackern ***
---------------------------------------------
Bei der Cyber Security Challenge 2016 werden vom Abwehramt und dem Verein Cyber Security Austria zum fünften Mal junge Hacker-Talente gesucht.
---------------------------------------------
http://futurezone.at/digital-life/oesterreich-auf-der-suche-nach-nachwuchs-hackern/196.938.245


*** ImageTragick: Another Vulnerability, Another Nickname, (Thu, May 5th) ***
---------------------------------------------
Introduction On Tuesday 2016-05-03, we started seeing reports about a vulnerability for a cross-platform suite named ImageMagick [1, 2, 3]. This new vulnerability has been nicknamed ImageTragick and has its own website. Apparently, the vulnerability will be assigned to CVE-2016-3714. It wasnt yet on mitre.orgs CVE site when I wrote this diary. Johannes Ullrich already discussed this vulnerability in yesterdays ISC StormCast for 2016-05-04, but theres been more press about it. Should...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21023&rss


*** Jaku botnet hides targeted attacks within generic botnet noise ***
---------------------------------------------
Botnets are usually created by cyber criminals that use them to launch DDoS attacks, deliver spam, effect click fraud. The recently discovered Jaku botnet can effectively do all those things, if its botmaster(s) choose to do so, but it seems that they have other things in mind. The botnet which, according to Forcepoint researchers, numbered as many as 17,000 victims at different points in time, consists of several botnets "answering to" different C&C servers. The...
---------------------------------------------
https://www.helpnetsecurity.com/2016/05/05/jaku-botnet-targeted-attacks/


*** Juniper patches OpenSSHs roaming bug in Junos OS ***
---------------------------------------------
Screen OS not affected The next vendor to kill off the OpenSSH roaming bug announced in January is Juniper Networks.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/05/05/juniper_patches_opensshs_roaming_bug_in_junos_os/


*** Criminals Peddling Affordable AlphaLocker Ransomware ***
---------------------------------------------
A relatively affordable and difficult to detect ransomware-as-a-service named AlphaLocker has begun making the rounds, researchers warn.
---------------------------------------------
http://threatpost.com/criminals-peddling-affordable-alphalocker-ransomware/117888/


*** Microsoft BITS Used to Download Payloads, (Thu, May 5th) ***
---------------------------------------------
A few day ago,I found an interesting malicious Word document. First of all, the file has a very low score on VT:2/56 (analysis is available here). The document is a classic one:Once opened, it asks the victim to enable macro execution if not yet enabled. The document targets" />">">The OLE document contains"> $ oledump.py b2a9d203bb135b54319a9e5cafc43824 1: 113 \x01CompObj 2: 4096 \x05DocumentSummaryInformation 3: 4096 \x05SummaryInformation 4: 9398 1Table 5:
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21027&rss


*** On The Monetization Of Crypto-Ransomware ***
---------------------------------------------
Over the last few years, technologies and infrastructure, in the form of crypto-currencies, the dark web and well-organized criminal affiliate programs have aligned to create the perfect storm. And from that storm, the crypto-ransomware beast has arisen. There's a reason why crypto-ransomware is making the news almost daily - it's unique compared to every other...
---------------------------------------------
https://labsblog.f-secure.com/2016/05/06/on-the-monetization-of-crypto-ransomware/


*** Studie: TLS-Proxies bringen Sicherheitsprobleme ***
---------------------------------------------
Unter 14 Antivirus- und Kinderschutzprodukten, die Inhalte in gesicherten TLS-Verbindungen filtern, fand sich kein einziges, das dabei keine zusätzlichen Sicherheitsprobleme verursachte.
---------------------------------------------
http://heise.de/-3197932


*** Qualcomm flaw puts millions of Android devices at risk ***
---------------------------------------------
A vulnerability in an Android component shipped with phones that use Qualcomm chips puts users text messages and call history at risk of theft.The flaw was found by security researchers from FireEye and was patched by Qualcomm in March. However, because the vulnerability was introduced five years ago, many affected devices are unlikely to ever receive the fix because theyre no longer supported by their manufacturers.The vulnerability, which is tracked as CVE-2016-2060, is located on an Android...
---------------------------------------------
http://www.cio.com/article/3066827/qualcomm-flaw-puts-millions-of-android-devices-at-risk.html#tk.rss_security


*** Security Alert: New Ransomware Promises to Donate Earnings to Charity ***
---------------------------------------------
Psychological manipulation is heavily used in cyber attacks, especially in phishing and ransomware compromise attempts. As with all online scams, the attackers' main objective is simple: to make as much money and steal as much data as possible. So, in their malicious pursuit, they'll come up with new tactics to force their victims into complying with their conditions. Encrypting ransomware, such as CryptoWall or TeslaCrypt, is proof.
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/


*** New Security Flaw Found in Lenovo Solution Center Software ***
---------------------------------------------
Security researchers at Trustwave SpiderLabs have discovered a new vulnerability in Lenovo's much maligned Lenovo Solution Center software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code.
---------------------------------------------
http://threatpost.com/new-security-flaw-found-in-lenovo-solution-center-software/117896/


*** Public Key Infrastructure (PKI) ***
---------------------------------------------
Executive Summary This article is a detailed theoretical and hands-on with Public Key Infrastructure (PKI) and OpenSSL based Certificate Authority. In the first section, PKI and its associated concepts will be discussed. A test bed or lab environment on Ubuntu 14 will be prepared to apply PKI knowledge. Generation of CA, server and user keys/certificates...
---------------------------------------------
http://resources.infosecinstitute.com/public-key-infrastructure-pki-2/


*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-14) ***
---------------------------------------------
A prenotification Security Advisory (APSB16-14) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, May 10, 2016. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1344


*** Squid HTTP caching proxy Multiple Vulns ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050024


*** [R1] PHP < 5.6.21 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-09


*** HPE Network Node Manager i Multiple Flaws Let Remote Users Bypass Authentication, Obtain Data and Potentially Sensitive Information, and Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1035767


*** Bugtraq: ESA-2016-051: Patch 14 for RSA Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538287


*** DSA-3567 libpam-sshauth - security update ***
---------------------------------------------
It was discovered that libpam-sshauth, a PAM module to authenticateusing an SSH server, does not correctly handle system users. In certainconfigurations an attacker can take advantage of this flaw to gain rootprivileges.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3567


*** USN-2963-1: OpenJDK 8 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2963-14th May, 2016openjdk-8 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTSSummarySeveral security issues were fixed in OpenJDK 8.Software description openjdk-8 - Open Source Java implementation  DetailsMultiple vulnerabilities were discovered in the OpenJDK JRE related toinformation disclosure, data integrity, and availability. An attackercould exploit these to cause a denial of service, expose sensitive...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2963-1/


*** USN-2964-1: OpenJDK 7 vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-2964-14th May, 2016openjdk-7 vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTSSummarySeveral security issues were fixed in OpenJDK 7.Software description openjdk-7 - Open Source Java implementation  DetailsMultiple vulnerabilities were discovered in the OpenJDK JRE related to informationdisclosure, data integrity, and availability. An attacker could exploitthese to cause a denial of service, expose...
---------------------------------------------
http://www.ubuntu.com/usn/usn-2964-1/


*** Cisco security Advisories ***
---------------------------------------------
*** Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern
---------------------------------------------
*** Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower
---------------------------------------------
*** Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
---------------------------------------------
*** Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
---------------------------------------------
*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in bind affect Power Hardware Management Console (CVE-2016-1285, CVE-2016-1286) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021266
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in ntp affect Power Hardware Management Console (CVE-2015-5300, CVE-2015-7704, CVE-2015-8138) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021264
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM XIV Storage System (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005699
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2015-7575, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21982445
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2015-7575, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21982446
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21972468
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence (CVE-2015-4872, CVE-2015-4893, CVE-2015-4803, CVE-2015-5006, CVE-2016-0483, CVE-2015-7575, CVE-2016-0448, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21972469
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www.ibm.com/support/docview.wss?uid=swg21979767
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) February 2016 ***
http://www.ibm.com/support/docview.wss?uid=swg21980693
---------------------------------------------
*** IBM Security Bulletin: Current Releases of IBM SDK for Node.js in IBM Bluemix are affected by CVE-2016-3956, CVE-2016-2515 and CVE-2016-2537. ***
http://www.ibm.com/support/docview.wss?uid=swg21981433
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982467
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage FlashCopy Manager on Windows (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982448
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in SQLite affects IBM Security Access Manager for Mobile (CVE-2015-3416) ***
http://www.ibm.com/support/docview.wss?uid=swg21981269
---------------------------------------------
*** IBM Security Bulletin: IBM SPSS Statistics ActiveX Control Buffer Overflow (CVE-2015-8530) ***
http://www.ibm.com/support/docview.wss?uid=swg21982035
---------------------------------------------
*** IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7403) ***
http://www.ibm.com/support/docview.wss?uid=swg21982660
---------------------------------------------