[CERT-daily] Daily summary - Wednesday 9-11-2016

Daily end-of-shift report team at cert.at
Wed Nov 9 18:06:03 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 08-11-2016 18:00 − Wednesday 09-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Admins take note: SHA-1 certificates about to be retired for good ***
---------------------------------------------
From January 2017 it gets serious: from then on the major browsers will display real error messages when they encounter certificates that carry a SHA-1 signature. Such certificates are still in use, as a quick test by heise Security shows.
---------------------------------------------
https://heise.de/-3460868
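An added example, not code from the heise article, of the check an admin would run before the January deadline: a small pure-Python DER walker that pulls the signature algorithm out of a certificate, cross-checks the inner tbsCertificate.signature against the outer signatureAlgorithm as RFC 5280 requires, and flags the SHA-1 variants. The certificates it inspects are constructed skeletons with a dummy signature built by make_sample_cert; that helper and the other function names are this example's own assumptions.

```python
"""Flag SHA-1 signatures in DER-encoded X.509 certificates (added example, not from the article)."""

# Signature algorithm OIDs. The SHA-1 group is what browsers stop accepting in January 2017.
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}
OTHER_SIG_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}

def _read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """Turn OBJECT IDENTIFIER contents into dotted notation."""
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def _alg_oid(alg_id):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid)

def signature_algorithm(der):
    """Dotted OID of Certificate.signatureAlgorithm, cross-checked against
    tbsCertificate.signature, which RFC 5280 4.1.1.2 requires to be identical."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER Certificate SEQUENCE")
    _, tbs, pos = _read_tlv(cert, 0)            # tbsCertificate
    _, outer_alg, _ = _read_tlv(cert, pos)      # signatureAlgorithm; signatureValue follows
    outer = _alg_oid(outer_alg)
    tag, _, pos = _read_tlv(tbs, 0)             # [0] EXPLICIT version, or serialNumber (v1)
    if tag == 0xA0:
        _, _, pos = _read_tlv(tbs, pos)         # serialNumber
    inner = _alg_oid(_read_tlv(tbs, pos)[1])    # tbsCertificate.signature
    if inner != outer:
        raise ValueError(f"algorithm mismatch: tbs={inner} outer={outer}")
    return outer

def is_sha1_signed(der):
    return signature_algorithm(der) in SHA1_SIG_OIDS

def describe(der):
    """Readable algorithm name, falling back to the dotted OID for unknown ones."""
    oid = signature_algorithm(der)
    return SHA1_SIG_OIDS.get(oid) or OTHER_SIG_OIDS.get(oid) or oid

# --- constructed sample input: structurally valid Certificate with a dummy signature ---
def _tlv(tag, contents):
    n = len(contents)
    if n < 0x80:
        return bytes([tag, n]) + contents
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + contents

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))

def _alg_identifier(oid):
    params = b"\x05\x00" if oid.startswith("1.2.840.113549") else b""   # NULL only for RSA
    return _tlv(0x30, _encode_oid(oid) + params)

def make_sample_cert(sig_oid, tbs_sig_oid=None):
    """Constructed skeleton: real layout, elided names/key, garbage signature bits."""
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))            # version v3
                     + _tlv(0x02, b"\x01\x00")                  # serialNumber (dummy)
                     + _alg_identifier(tbs_sig_oid or sig_oid)  # signature
                     + _tlv(0x30, b""))                         # issuer..subjectPublicKeyInfo elided
    signature = _tlv(0x03, b"\x00" + b"\xAA" * 32)              # signatureValue BIT STRING
    return _tlv(0x30, tbs + _alg_identifier(sig_oid) + signature)
```

For a live host, ssl.get_server_certificate((host, 443)) followed by ssl.PEM_cert_to_DER_cert() yields the leaf's DER to feed into describe(); the intermediates have to be checked as well, since browsers apply the SHA-1 rule to every certificate below the trust anchor. The self-signature on a root CA is not verified by browsers and therefore does not count.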




*** AdSense: Google removes banking trojan from its ad network ***
---------------------------------------------
Once again malware has been distributed through an ad network. A Google AdSense campaign attempted to foist a banking trojan on Android users. The ads in question have since been disabled. (Malware, Virus)
---------------------------------------------
http://www.golem.de/news/adsense-google-entfernt-bankentrojaner-aus-werbenetzwerk-1611-124363-rss.html




*** MS16-NOV - Microsoft Security Bulletin Summary for November 2016 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-NOV




*** App vulnerability: attackers can trigger iPhone calls ***
---------------------------------------------
A flaw in popular iOS apps makes it possible to force the iPhone to automatically dial a given phone number while at the same time preventing the user from ending the call immediately.
---------------------------------------------
https://heise.de/-3460552




*** November 2016 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month's security updates and advisories can be found in the Security TechNet Library.
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2016/11/08/november-2016-security-update-release/




*** Thoughts on the recent 'NtSetWindowLongPtr' vulnerability ***
---------------------------------------------
On October 31, Google's security team announced that it had discovered a vulnerability, actively exploited in the wild, in (unspecified) versions of Microsoft Windows. The vulnerability is a local privilege escalation, allowing an unprivileged user to gain kernel privileges.
---------------------------------------------
https://labs.bromium.com/2016/11/08/thoughts-on-the-recent-ntsetwindowlongptr-vulnerability/




*** New XM1RPC SEO Spam and Backdoor Campaign ***
---------------------------------------------
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor used across all of the compromised sites. The file is named in such a way as to confuse WordPress administrators who are familiar with XML-RPC. This malware usually infects all sites that share the same FTP account, which means cleaning just one website won't help...
---------------------------------------------
https://blog.sucuri.net/2016/11/xm1rpc-spam-backdoor.html
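An added example, not Sucuri's code, of the sweep the post implies: because the backdoor spreads over the shared FTP credentials, the scan takes every site root that account can write to, flags files whose name imitates xmlrpc.php (digit 1 for the letter l, a stray prefix or suffix, or a genuine-looking xmlrpc.php outside the site root) and leaves WordPress core files such as class-wp-xmlrpc-server.php alone. The directory tree it builds is constructed sample data; the lookalike pattern and the function names are this example's assumptions, not indicators published in the post.

```python
"""Sweep every site root reachable from one FTP account for xmlrpc.php lookalikes (added example)."""
import os
import re
import tempfile

# WordPress ships exactly one xmlrpc.php, in the site root. A name that merely imitates it
# (digit 1 for l, a stray suffix) or a "real" xmlrpc.php anywhere else is a backdoor candidate.
# Anchored at the start so core files like class-wp-xmlrpc-server.php do not match.
LOOKALIKE = re.compile(r"^\.?xm[1l]rpc", re.IGNORECASE)

def is_suspicious(site_root, dirpath, name):
    """True for a lookalike name, or for a genuine-looking xmlrpc.php outside the site root."""
    if name.lower() == "xmlrpc.php":
        return os.path.abspath(dirpath) != os.path.abspath(site_root)
    return LOOKALIKE.match(name) is not None

def find_lookalikes(site_roots):
    """Walk all site roots sharing the FTP account; cleaning one site alone is pointless."""
    hits = []
    for site_root in site_roots:
        for dirpath, _dirs, files in os.walk(site_root):
            hits.extend(os.path.join(dirpath, n) for n in files if is_suspicious(site_root, dirpath, n))
    return sorted(hits)

def build_sample_tree():
    """Constructed sample data: two sites under one FTP account, both carrying a dropped file."""
    base = tempfile.mkdtemp(prefix="xm1rpc-demo-")
    sample_files = [
        "site1/xmlrpc.php",                               # genuine
        "site1/wp-content/uploads/xm1rpc.php",            # lookalike dropped into uploads
        "site2/xmlrpc.php",                               # genuine
        "site2/wp-includes/xmlrpc.php",                   # right name, wrong directory
        "site2/wp-includes/class-wp-xmlrpc-server.php",   # legitimate core file, must not match
    ]
    for rel in sample_files:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder, not malware\n")
    return base, [os.path.join(base, "site1"), os.path.join(base, "site2")]

def scan_sample():
    """Build the sample tree, scan it, and return hits relative to the base directory."""
    base, sites = build_sample_tree()
    return [os.path.relpath(p, base).replace(os.sep, "/") for p in find_lookalikes(sites)]

if __name__ == "__main__":
    for hit in scan_sample():
        print("suspect:", hit)
```

Pass every docroot the FTP account can reach as a separate site root; a WordPress installed in a subdirectory counts as its own site root, otherwise its legitimate xmlrpc.php is reported as misplaced. A name match is only a lead: compare the flagged file's contents against a clean WordPress checkout before deleting, and rotate the FTP credentials, since the post notes the infection rides on them.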





*** Phoenix Contact ILC PLC Authentication Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for authentication vulnerabilities in Phoenix Contact's ILC PLCs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-313-01




*** Siemens Industrial Products Local Privilege Escalation Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a privilege escalation vulnerability that affects several Siemens industrial products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-313-02




*** OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for an incomplete model of endpoint features vulnerability in OSIsoft's PI System software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICS-VU-313-03




*** TrickBot Banking Trojan Adds New Browser Manipulation Tools ***
---------------------------------------------
The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope.
---------------------------------------------
http://threatpost.com/trickbot-banking-trojan-adds-new-browser-manipulation-tools/121859/




*** DSA-3709 libxslt - security update ***
---------------------------------------------
Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3709




*** Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161109-01-smartphone-en




*** Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched ***
---------------------------------------------
The effectiveness of a zero-day quickly deteriorates as an attack tool after it gets discovered and patched by the affected software vendors. Within the time between the discovery of the vulnerability and the release of the fix, a bad actor might try to get the most out of his previously valuable attack assets.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/QdtwFJ1RHyQ/





*** Vuln: SAP NetWeaver Java AS Webdynpro Component Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94174




*** New BEC scams seek to build trust first, request wire transfer later ***
---------------------------------------------
Business email compromise scammers have gradually changed their tactics to improve their scam success rate.
---------------------------------------------
https://www.symantec.com/connect/blogs/new-bec-scams-seek-build-trust-first-request-wire-transfer-later




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier ***
https://support.asperasoft.com/hc/en-us/articles/229505687-Security-Bulletin-Multiple-OpenSSL-vulnerabilities-affect-IBM-Aspera-Shares-1-9-2-or-earlier- -IBM-Aspera-Console-3-0-6-or-earlier
---------------------------------------------
*** IBM Security Bulletin: The BigFix Platform has a vulnerability involving missing the HTTP Strict-Transport-Security Header (CVE-2016-0297) ***
http://www.ibm.com/support/docview.wss?uid=swg21993214
---------------------------------------------
*** IBM Security Bulletin: BigFix Platform has a vulnerability where information is exposed through Log Files (CVE-2016-0296) ***
http://www.ibm.com/support/docview.wss?uid=swg21993213
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source CURL Vulnerabilities (CVE-2016-7167) ***
http://www.ibm.com/support/docview.wss?uid=swg21993246
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Mobile Server Security Refresh for Apache Struts (CVE-2016-0785, CVE-2016-0785, CVE-2016-3093, CVE-2016-4003) ***
http://www.ibm.com/support/docview.wss?uid=swg21984206
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts CVE-IDs: CVE-2016-0785 CVE-2016-2162 ***
http://www.ibm.com/support/docview.wss?uid=swg21985424




More information about the Daily mailing list