[CERT-daily] Daily summary - Thursday 6-10-2016
Daily end-of-shift report
team at cert.at
Thu Oct 6 18:12:43 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Wednesday 05-10-2016 18:00 − Thursday 06-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Symantec Web Gateway Management Console Interface Command Injection ***
---------------------------------------------
Symantec has released an update to address a Symantec Web Gateway (SWG) Management Console Interface command injection issue bypassing validation restrictions to add an unauthorized whitelist entry.
Highest severity issue: Medium
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161005_00
*** NIST: People have given up on cybersecurity - it's too much hassle ***
---------------------------------------------
To help change people's mental models so that they will participate in cybersecurity, Theofanos said technology professionals have to do more work for the people using their products, so that people don't need to make too many decisions. "We need to make it easy for them to do the right thing," she said. "We need to make these things habits, so they don't really have to think about it."
---------------------------------------------
http://www.theregister.co.uk/2016/10/06/go_ahead_steal_my_muffin_recipe/
*** Spotify: Free version delivered malware for Windows and Mac ***
---------------------------------------------
Apparently injected via third-party advertising - Spotify confirms and apologizes to users
---------------------------------------------
http://derstandard.at/2000045458665
*** Malicious actions not necessarily focused on causing disruptions in TELECOM, but system failures still are ***
---------------------------------------------
ENISA publishes its Annual Incidents report which gives the aggregated analysis of the security incidents causing severe outages in 2015.
---------------------------------------------
https://www.enisa.europa.eu/news/malicious-actions-not-necessarily-focused-on-causing-disruptions-in-telecom-but-system-failures-still-are
*** Beware of malware distribution via Steam chat ***
---------------------------------------------
Reports are currently mounting that criminals are increasingly sending links to websites hosting trojans via hijacked Steam accounts.
---------------------------------------------
https://heise.de/-3342136
*** Denial of Service Vulnerability in Citrix License Server ***
---------------------------------------------
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server.
This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14.0.1.
This vulnerability has been assigned the following CVE number: CVE-2016-6273
---------------------------------------------
http://support.citrix.com/article/CTX217430
*** Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation ***
---------------------------------------------
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA.
The vulnerability affects all versions of the Citrix Linux VDA earlier than version 1.4.0.
This vulnerability has been assigned the following CVE number: CVE-2016-6276
---------------------------------------------
http://support.citrix.com/article/CTX216628
*** Security patches: Foxit guards against attacks on Reader and PhantomPDF ***
---------------------------------------------
The developers are closing several critical vulnerabilities in the Linux, OS X and Windows versions.
---------------------------------------------
https://heise.de/-3341878
*** Wave your false flags! ***
---------------------------------------------
Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting "False Flag" timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.
---------------------------------------------
http://securelist.com/analysis/publications/76273/wave-your-false-flags/
*** Announcing CERT Basic Fuzzing Framework Version 2.8 ***
---------------------------------------------
Today we are announcing the release of the CERT Basic Fuzzing Framework Version 2.8 (BFF 2.8). It's been about three years since we released BFF 2.7. In this post, I highlight some of the changes we've made.
---------------------------------------------
https://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-framework-bff-28.html
*** Palo Alto PAN-OS GlobalProtect Portal Web Interface Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036968
*** Extortion trojan Cerber learns new tricks and encrypts even more ***
---------------------------------------------
Security researchers warn of a new version of the ransomware, which can now, among other things, also terminate certain running processes in order to get its hands on databases.
---------------------------------------------
https://heise.de/-3341992
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASA Software DHCP Relay Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
---------------------------------------------
*** Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
---------------------------------------------
*** Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
---------------------------------------------
*** Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
---------------------------------------------
*** Cisco Nexus 9000 Information Disclosure Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo
---------------------------------------------
*** Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr
---------------------------------------------
*** Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
---------------------------------------------
*** Cisco Firepower Management Center Console Local File Inclusion Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
---------------------------------------------
*** Cisco Firepower Management Center Console Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
---------------------------------------------
*** Cisco Firepower Threat Management Console Remote Command Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
---------------------------------------------
*** Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2
---------------------------------------------
*** Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1
---------------------------------------------
*** Cisco Host Scan Package Cross-Site Scripting Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs
---------------------------------------------
*** Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst
---------------------------------------------
*** Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp
---------------------------------------------
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in crypto++ affects PowerKVM (CVE-2016-3995) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024263
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Python affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024236
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024261
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024270
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485) that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991149
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller and Storwize Family (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009284
---------------------------------------------
*** IBM Security Bulletin: Vulnerability affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2947) ***
http://www.ibm.com/support/docview.wss?uid=swg21991477
---------------------------------------------
*** IBM Security Bulletin: XStream XML information disclosure vulnerability affects IBM Rational Quality Manager (CVE-2016-3674) ***
http://www.ibm.com/support/docview.wss?uid=swg21991406
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2016-0359, CVE-2016-3092, CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990062
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LMS (CVE-2016-2510) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21987703
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in qemu affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024322
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024264
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in nginx affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024237
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in NRPE affects PowerKVM (CVE-2014-2913) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024235
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in lighttpd affects PowerKVM (CVE-2016-1000212) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024260
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in pigz affects PowerKVM (CVE-2015-1191) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024213
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in ganglia affects PowerKVM (CVE-2015-6816) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024262
---------------------------------------------