[CERT-daily] Daily summary - Friday 7-10-2016
Daily end-of-shift report
team at cert.at
Fri Oct 7 18:11:41 CEST 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Thursday 06-10-2016 18:00 − Friday 07-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
*** Fake Bank Austria security certificate is malware ***
---------------------------------------------
In a fake Bank Austria message with the subject "Sicherheitszertifikat" ("security certificate"), criminals claim that recipients must install a program on their smartphone. Supposedly this is necessary so that they can use their online banking account. In reality, the program is malware.
---------------------------------------------
https://www.watchlist-internet.at/schadsoftware/gefaelschtes-bank-austria-sicherheitszertifikat-ist-schadsoftware/
*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-33) ***
---------------------------------------------
A prenotification Security Advisory (APSB16-33) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, October 11, 2016. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the Adobe...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1405
*** 100+ online shops compromised with payment data-stealing code ***
---------------------------------------------
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping. According to RiskIQ and ClearSky researchers, the campaign - which they dubbed Magecart - is still ongoing, albeit at a reduced scope and pace. Since March, the threat actor behind it has compromised more than 100...
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/07/payment-data-stealing-code/
*** Background: Analyzed: Ad barrage instead of gems - Android malware CallJam dissected ***
---------------------------------------------
Despite various security checks, malware keeps sneaking into Google's app store. One such sample poses as a supposed helper for the incredibly successful game "Clash Royale".
---------------------------------------------
https://heise.de/-3340267
*** Lovoo: Security vulnerability allows creation of movement profiles ***
---------------------------------------------
Until recently, information about users could be retrieved via the dating service's web API, even without a login. With script automation, movement profiles can be created from it.
---------------------------------------------
http://www.golem.de/news/lovoo-sicherheitsluecke-ermoeglicht-erstellung-von-bewegungsprofilen-1610-123642-rss.html
*** Positive Technologies: Security Trends & Vulnerabilities Review Industrial Control Systems (PDF) ***
---------------------------------------------
This study examines components of ICS from different vendors. In the period from 2012 to 2015, a total of 743 vulnerabilities were discovered in ICS components; most of them were detected in products from well-known companies: Siemens, Schneider Electric, and Advantech. Most vulnerabilities are of either high or medium risk (47% high, 47% medium). ... Summary: The study shows that the number of vulnerable ICS components is not reducing from year to year. Nearly half of identified...
---------------------------------------------
https://www.ptsecurity.com/upload/iblock/6bd/ics_vulnerability_2016_eng.pdf
*** An attachment that wasn't there ***
---------------------------------------------
By Slavo Greminger and Oli Schacher | On a daily basis we collect tons of Spam emails, which we analyze for malicious content. Of course, this is not done manually by our thousands of minions, but automated using some Python-fu. Python...
---------------------------------------------
https://securityblog.switch.ch/2016/10/07/an-attachment-that-wasnt-there/
*** Security updates: Attackers can hijack Cisco switches ***
---------------------------------------------
The network equipment vendor is addressing two vulnerabilities rated critical in Nexus-series switches and is distributing security patches for 15 further vulnerabilities in various products.
---------------------------------------------
https://heise.de/-3342846
*** OS X El Capitan: Waiting for the big security update ***
---------------------------------------------
Apple's new operating system macOS Sierra fixes numerous vulnerabilities present in the previous version. However, the vendor has not yet published a separate update for OS X El Capitan.
---------------------------------------------
https://heise.de/-3342343
*** Malware could record video and audio from the Mac ***
---------------------------------------------
Security researcher Patrick Wardle has developed a demo exploit that can capture camera and microphone data while chats are running.
---------------------------------------------
https://heise.de/-3342336
*** VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability (CVE-2016-7087) ***
---------------------------------------------
Severity: Important VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0015.html
*** IDM 4.5 One SSO Provider (OSP) 6.0.0.5 ***
---------------------------------------------
Abstract: This hotfix provides enhancements and software fixes for the One SSO Provider for Identity Manager. For more information about these updates, see the hotfix details. Document ID: 5256490. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: IDM45-OSP60-HF-5.zip (23.28 MB). Products: Identity Manager 4.5, Access Review 1.1, Access Review 1.5. Superseded Patches: IDM 4.5 One SSO Provider (OSP)
---------------------------------------------
https://download.novell.com/Download?buildid=Z0jKqCEDM7k~
*** Atlassian HipChat Secret Key Disclosure ***
---------------------------------------------
Topic: Atlassian HipChat Secret Key Disclosure Risk: Medium Text: This email refers to the following advisory pages: * Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg * Conflue...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016100066
*** DFN-CERT-2016-1653: KDE: Multiple vulnerabilities in KMail allow, among other things, execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1653/
*** GE Bently Nevada 3500/22M Improper Authorization Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure Portal library on September 8, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000) ***
http://www.ibm.com/support/docview.wss?uid=swg21991850
---------------------------------------------
*** IBM Security Bulletin: IBM Web Experience Factory is affected by a security vulnerability in Apache POI (CVE-2016-5000) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991851
---------------------------------------------
*** IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991839
---------------------------------------------
*** IBM Security Bulletin: IBM Web Experience Factory is affected by multiple security vulnerabilities in Apache POI ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991845
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991877
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-3485) ***
http://www.ibm.com/support/docview.wss?uid=swg21991879
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991111
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991061
---------------------------------------------
*** IBM Security Bulletin: IBM Streams may be impacted by a vulnerability in WebSphere Liberty (CVE-2016-2923) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991058
---------------------------------------------
*** IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991112
---------------------------------------------