[CERT-daily] Tageszusammenfassung - Montag 14-11-2016
Daily end-of-shift report
team at cert.at
Mon Nov 14 18:48:42 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 11-11-2016 18:00 − Montag 14-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** No payment necessary: Fighting back against ransomware ***
---------------------------------------------
Any IT professional who's ever had an experience with malware knows how fast an intrusive attack can happen, and how difficult it can be to educate employees to be vigilant against such threats. And with ransomware attacks only growing, having information, tools and technologies to help protect your network can mean the difference between serious...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/11/11/no-payment-necessary-fighting-back-against-ransomware/
*** New Guide on How to Fix Hacked Joomla! Sites ***
---------------------------------------------
Joomla! is one of the most popular open-source content management systems (CMS) on the market, powering a large percentage of websites on the internet today. For that reason, we are glad that our team includes a former contributor who helped create the official Joomla! docs on website security. We have also participated in various Joomla! events around the world, and our cofounder Dre Armeda is a keynote speaker at the upcoming Joomla! World Conference in Vancouver, Canada. Continue reading New
---------------------------------------------
https://blog.sucuri.net/2016/11/new-guide-fix-hacked-joomla-sites.html
*** Vuln: Docker Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Vulnerable: Docker 1.12, Docker 1.6.1, Docker 1.6, Docker 1.3.3, Docker 1.4.1, Docker 1.3.2, Docker 1.3.1, Docker 1.3.0, Docker 1.12.3, Docker 1.12.2, Docker 1.0.0
---------------------------------------------
http://www.securityfocus.com/bid/94272
*** Vuln: Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerabilities ***
---------------------------------------------
Sophos Web Appliance is prone to a privilege-escalation vulnerability and remote code-execution vulnerabilities.
Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application.
Sophos Web Appliance 4.2.1.3 is vulnerable; other versions may also be affected.
---------------------------------------------
http://www.securityfocus.com/bid/94274
*** OWASP ModSecurity Core Rule Set Version 3.0 Released ***
---------------------------------------------
Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DKhaxHVZD-s/owasp-modsecurity-core-rule-set-version-30-released
*** MikroTik RouterOS 6.36.2 Cross Site Scripting ***
---------------------------------------------
Topic: MikroTik RouterOS 6.36.2 Cross Site Scripting
Risk: Low
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110115
*** VMSA-2016-0019 ***
---------------------------------------------
VMware product updates address local privilege escalation vulnerability in linux kernel
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0019.html
*** Kaspersky Lab Black Friday Threat Overview 2016 ***
---------------------------------------------
Our research shows that, over the last few years, the holiday period which starts on so-called Black Friday was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.
---------------------------------------------
http://securelist.com/analysis/publications/76615/kaspersky-lab-black-friday-threat-overview-2016/
*** [2016-11-14] Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 ***
---------------------------------------------
Attackers are able to control the SolarEagle V2.00 / MPPT Solar Controller SMART2 device as authentication is broken. Furthermore attackers can eavesdrop the unencrypted communication or denial service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161114-0_I-Panda_SolarEagle_Multile_vulnerabilities_v10.txt
*** Adult Friend Finder: 412 Milionen Accounts von Datingseite gehackt ***
---------------------------------------------
Nach dem Ashley-Madison-Hack gibt es einen weiteren großen Einbruch in ein Datingnetzwerk. Angreifer veröffentlichten 412 Millionen Accountdaten des Webseitennetzwerkes rund um Adult Friend Finder.
---------------------------------------------
http://www.golem.de/news/adult-friend-finder-412-milionen-accounts-von-datingseite-gehackt-1611-124440-rss.html
*** Vuln: Jenkins Java Deserialization Remote Code Execution Vulnerability ***
---------------------------------------------
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.
---------------------------------------------
http://www.securityfocus.com/bid/94281
*** [TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions ***
---------------------------------------------
several vulnerabilities have been found in the following third party TYPO3 extensions:
- "Store Locator" (locator)
- "Code Highlighter" (mh_code_highlighter)
- "Shibboleth Authentication" (shibboleth_auth)
- "Secure Download Form" (rs_securedownload)
- "Member Infosheets" (if_membersheet)
- "TC Directmail" (tcdirectmail)
---------------------------------------------
http://lists.typo3.org/pipermail/typo3-announce/2016/000388.html
*** NIST Small Business Information Security guide for Small businesses ***
---------------------------------------------
The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses.
---------------------------------------------
http://securityaffairs.co/wordpress/53423/breaking-news/nist-small-business-information-security.html
*** [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE ***
---------------------------------------------
Versions Affected: Apache OpenMeetings 3.1.0
Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack The issue was fixed in 3.1.2. All users are recommended to upgrade to Apache OpenMeetings 3.1.3
---------------------------------------------
http://www.securityfocus.com/archive/1/539751
*** Recordings from AppSecUSA 2016 in Washington, DC ***
---------------------------------------------
https://www.youtube.com/playlist?list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
*** E-Mail-Sicherheitslücke in LTE-Router von Drei ***
---------------------------------------------
Jeder Nutzer, der sich mit einem Drei-Smartphone bei einem Drei-LTE-Router anmeldet, hat Zugriff auf die E-Mails des Router-Besitzers.
---------------------------------------------
https://futurezone.at/produkte/e-mail-sicherheitsluecke-in-lte-router-von-drei/230.656.314
*** Updated Good Practice Guide on National Cyber Security Strategies by ENISA ***
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/updated-good-practice-guide-on-national-cyber-security-strategies-by-enisa
*** Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016 ***
---------------------------------------------
On November 10, 2016, the OpenSSL Software Foundation released a security advisory that describes three vulnerabilities.
...
Cisco investigated its product line to determine which products may be affected by these vulnerabilities and the impact of the vulnerabilities on each affected product. For information about whether a product is affected, refer to the “Vulnerable Products” and “Products Confirmed Not Vulnerable” sections of this advisory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
*** Master Decryption Keys and Decryptor for the Crysis Ransomware Released. ***
---------------------------------------------
The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them. [...]
---------------------------------------------
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud ***
http://www.ibm.com/support/docview.wss?uid=swg21993982
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009586
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Provisioning Manager for OS Deployment and Tivoli Provisioning Manager for Images ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992898
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009585
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993612
---------------------------------------------
*** IBM Security Bulletin: A Security Vulnerability has been fixed in IBM Security Privileged Identity Manager (CVE-2016-5964) ***
http://www.ibm.com/support/docview.wss?uid=swg21994065
---------------------------------------------
*** IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009590
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM WebSphere Portal (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989359
---------------------------------------------
*** IBM Security Bulletin: IBM Connections Security Update ***
http://www.ibm.com/support/docview.wss?uid=swg21990864
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2016-0392) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009571
---------------------------------------------
More information about the Daily
mailing list