[CERT-daily] Tageszusammenfassung - Freitag 13-05-2016

Fri May 13 18:13:04 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 12-05-2016 18:00 − Freitag 13-05-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Cyber Heist Attribution ***
---------------------------------------------
Written by Sergei Shevchenko and Adrian Nish | BACKGROUND | Attributing a single cyber-attack is a hard task and often impossible. However, when multiple attacks are conducted over long periods of time, they leave a trail of digital evidence. Piecing this together into a campaign can help investigators to see the bigger picture, and even hint at who may be behind the attacks. Our research into malware used on SWIFT based systems running in banks has turned up multiple bespoke tools used by a set of...
---------------------------------------------
http://baesystemsai.blogspot.com/2016/05/cyber-heist-attribution.html


*** Neuer Angriff auf Swift-Netzwerk: Angreifer nutzen manipulierten PDF-Reader ***
---------------------------------------------
Eine Bank setzte zur Überprüfung von Transaktionen offenbar keine Hashwerte der einzelnen Vorgänge ein - sondern nimmt eine Sichtprüfung von PDFs vor. Aus diesem Grund konnten Angreifer erneut illegale Transaktionen im Swift-Netzwerk vornehmen.
---------------------------------------------
http://www.golem.de/news/neuer-angriff-auf-swift-netzwerk-angreifer-nutzen-manipulierten-pdf-reader-1605-120899-rss.html


*** EZB plant Meldestelle für Cyber-Angriffe auf Banken ***
---------------------------------------------
Auch die Bankenaufseher der Europäischen Zentralbank reagieren auf die wachsende Zahl von Angriffen mit einer Meldepflicht bei schwerwiegenden Bedrohungen.
---------------------------------------------
http://heise.de/-3207934


*** MISP - Malware Information Sharing Platform, (Fri, May 13th) ***
---------------------------------------------
In a previous diary (Unity Makes Strength), I briefly mentioned MISP(which means Malware Information Sharing Platform). Since this tool is becomingmore and more popular, Id like to give more details about it.Sharing is key could be the slogan of MISP. The ideais to allow different organizations to share IOCs (Indicators of Compromize) like IP addresses, domains, hashes, URLs, filenames, ... Thegoal is to increase their ability to protect themselves against malicious activities. With millions of...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21053&rss


*** Open sourcing our NGINX HTTP/2 + SPDY code ***
---------------------------------------------
In December, we released HTTP/2 support for all customers and last week we released HTTP/2 Server Push support as well. The release of HTTP/2 by CloudFlare had a huge impact on the number of sites supporting and using the protocol. Today, 50% of sites that use HTTP/...
---------------------------------------------
https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-code/


*** Meteocontrol WEBlog Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for one authentication and two information exposure vulnerabilities in Meteocontrol's WEB'log application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01


*** TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe ***
---------------------------------------------
Topic: TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe Risk: Medium Text:Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=775 The main component of Trend Micro Antivirus is CoreSe...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016050051


*** Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version ***
---------------------------------------------
Revisions None Severity Severity (CVSS version 2 and CVSS Version 3) CVSS2 ...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160512_00


*** Bugtraq: May 2016 - HipChat Server - Critical Security Advisory ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538378


*** Bugtraq: [security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538371


*** Bugtraq: [security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538377


*** Bugtraq: [security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538376


*** Bugtraq: [security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538379


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server for Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21983039
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264) ***
http://www.ibm.com/support/docview.wss?uid=swg21982262
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Sterling Connect:Express for Unix (CVE-2016-2842). ***
http://www.ibm.com/support/docview.wss?uid=swg21982374
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability exist in IBM Cognos TM1 ***
http://www.ibm.com/support/docview.wss?uid=swg21981936
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM) (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=swg21973066
---------------------------------------------


Next End-of-Shift Report: 2016-05-17