[CERT-daily] Daily summary - Monday 30-05-2016

Daily end-of-shift report team at cert.at
Mon May 30 18:07:19 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 27-05-2016 18:00 − Monday 30-05-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Security baseline for Windows Server 2016 Technical Preview 5 (TP5) ***
---------------------------------------------
Microsoft is pleased to announce the draft release of the security configuration baseline settings for Windows Server 2016, corresponding to Technical ..
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/05/27/security-baseline-for-windows-server-2016-technical-preview-5-tp5/




*** New Locky ransomware campaign sets sights on Amazon customers ***
---------------------------------------------
Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
---------------------------------------------
http://www.scmagazine.com/new-locky-ransomware-campaign-sets-sights-on-amazon-customers/article/499282/




*** How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware ***
---------------------------------------------
Background Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence ..
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/how-attackers-use-a-flash-exploit-to-distribute-crimeware-and-other-malware




*** VMSA-2016-0005.2 ***
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2016-0005.html




*** Security Advisory: Stored XSS in Jetpack ***
---------------------------------------------
During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The ..
---------------------------------------------
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html




*** ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-361/




*** ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-360/




*** Microsoft equips Windows 10 with dual antivirus protection ***
---------------------------------------------
http://derstandard.at/2000037805637




*** After LinkedIn, a data leak at MySpace too ***
---------------------------------------------
According to his own statements, the LinkedIn hacker also holds 360 million e-mail addresses of MySpace users and ..
---------------------------------------------
http://futurezone.at/digital-life/nach-linkedin-datenleck-auch-bei-myspace/201.396.487




*** Duqu 2.0 kernel exploitation technique analysis (part 1 of 2) ***
---------------------------------------------
Out of the multiple components used in the sophisticated Duqu 2.0 cyberespionage attack, we had a chance to look into one of the kernel exploits used for its ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%e2%80%8bduqu-2-0-kernel-exploitation-technique-analysis-part-1-of-2/




*** CVE Request: GraphicsMagick and ImageMagick popen() shell vulnerability via filename ***
---------------------------------------------
All existing releases of GraphicsMagick and ImageMagick support a file open syntax where if the first character of the file specification is a |, then the remainder of the filename is passed to the shell for execution using the ..
---------------------------------------------
http://permalink.gmane.org/gmane.comp.security.oss.general/19669




*** breaking into a wordpress site without knowing wordpress/php or infosec at all ***
---------------------------------------------
This is a post about how I tried and broke into my college's wordpress installation without having any prior knowledge of wordpress/php and without any experience with hacking web-servers. The attempts were spread out over a month, ..
---------------------------------------------
https://notehub.org/5zo2v




*** Saudi Arabia is said to have launched cyberattacks against Iran ***
---------------------------------------------
http://derstandard.at/2000037865736




*** Microsoft takes action against overly simple passwords ***
---------------------------------------------
In future, users of Azure and other services are to receive warnings when their password ..
---------------------------------------------
http://derstandard.at/2000037866342




*** Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the IP Version 6 (IPv6) packet processing functions of Cisco IOS XR Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an ..
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6




*** Attackers capture user data from sz-magazin.de ***
---------------------------------------------
An unauthorised person is reported to have unlawfully gained access to a database server of SZ-Magazin in mid-May.
---------------------------------------------
http://heise.de/-3222586




*** Background: Revoking certificates - how it's done ***
---------------------------------------------
Topsy-turvy world: to revoke a certificate, you first have to install it. With the following instructions ..
---------------------------------------------
http://heise.de/-3222308




*** On World No Tobacco Day: BSI warns of malware in e-cigarettes ***
---------------------------------------------
Anyone who smokes e-cigarettes spares their lungs the tar but puts the health of their computer at risk - at least when the e-cigarette is charged via USB.
---------------------------------------------
http://www.golem.de/news/zum-weltnichtrauchertag-bsi-warnt-vor-malware-in-e-zigaretten-1605-121180.html