[CERT-daily] Tageszusammenfassung - Donnerstag 13-10-2016

Thu Oct 13 18:30:15 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 12-10-2016 18:00 − Donnerstag 13-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Gefälschte Finanzministerium-Phishingmail im Umlauf ***
---------------------------------------------
In E-Mailpostfächern findet sich eine vermeintliche Benachrichtigung des Bundesministerium für Finanzen. In dem Schreiben heißt es, dass das BMF Empfänger/innen die Überzahlung von 716,43 Euro zurückerstatte. Dafür sei es notwendig, dass diese ein "Steuer formular" im Anhang der E-Mail ausfüllen. Es handelt sich um einen Phishingversuch von Kriminellen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-finanzministerium-phishingmail-im-umlauf/


*** Gratulation an unser milCERT ***
---------------------------------------------
Gestern war der monatliche Patchday von Microsoft und mitten in den Bugs, die Remote Code Execution erlauben findet sich auch folgendes: Acknowledgments - 2016 MS16-121 Microsoft Office Memory Corruption Vulnerability CVE-2016-7193 Austrian MilCERT | Wir gratulieren unseren Kollegen aus der Stiftskaserne zu dem Fund und erwarten die Details dazu demnächst über dem einen oder anderen Bier. Autor: Otmar Lendl
---------------------------------------------
http://www.cert.at/services/blog/20161012185042-1798.html


*** Everyone Loves Selfies, Including Malware! ***
---------------------------------------------
I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus. For me it came down to the camera. I travel a lot for work and even though photography is something of a hobby of mine, I don't always have my "good camera"...
---------------------------------------------
https://blogs.mcafee.com/consumer/everyone-loves-selfies-including-malware/


*** A Look at the BIND Vulnerability: CVE-2016-2776 ***
---------------------------------------------
On September 27, the Internet Systems Consortium (ICS) announced the release of patches for a critical vulnerability that would allow attackers to launch denial-of-service (DoS) attacks using the Berkeley Internet Name Domain (BIND) exploits. The critical error was discovered during internal testing by the ISC. BIND is a very popular open-source software component that implements DNS protocols. It is also known as the de facto standard for Linux and other Unix-based systems, which means a...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/78QqkPE96mw/


*** WSF attachments are the latest malware delivery vehicle ***
---------------------------------------------
Most users have by now learned not to open executable (.EXE), various MS Office, RTF and PDF files delivered via unsolicited emails, but malware peddlers are always trying out new ways to trick users, email filters and AV software. Number of blocked emails containing malicious WSF attachments by month According to Symantec, Windows Script Files (WSFs) are the latest file types to be exploited to deliver malware via email.
---------------------------------------------
https://www.helpnetsecurity.com/2016/10/13/wsf-attachments-malware-delivery/


*** CryPy: ransomware behind Israeli lines ***
---------------------------------------------
A Tweet posted recently by AVG researcher, Jakub Kroustek, suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend for Pysomwares such as the latest HolyCrypt, Fs0ciety Locker and others.
---------------------------------------------
http://securelist.com/blog/research/76318/crypy-ransomware-behind-israeli-lines/


*** IoT Devices as Proxies for Cybercrime ***
---------------------------------------------
Multiple stories published here over the past few weeks have examined the disruptive power of hacked "Internet of Things" (IoT) devices such as routers, IP cameras and digital video recorders. This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity -- from frequenting underground forums to credit card and tax refund fraud.
---------------------------------------------
https://krebsonsecurity.com/2016/10/iot-devices-as-proxies-for-cybercrime/


*** 6000 Online-Shops angeblich mit Kreditkarten-Skimmern verseucht - Tendenz steigend ***
---------------------------------------------
Online-Kriminelle greifen derzeit vermehrt Kreditkarten-Daten auf Webseiten von Online-Shops ab, berichtet ein Sicherheitsforscher.
---------------------------------------------
https://heise.de/-3349185


*** What is MANRS and does your network have it? ***
---------------------------------------------
While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks.
---------------------------------------------
http://www.cio.com/article/3130707/internet/what-is-manrs-and-does-your-network-have-it.html#tk.rss_security


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8
---------------------------------------------
*** Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
---------------------------------------------
*** Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm
---------------------------------------------
*** Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
---------------------------------------------
*** Cisco Meeting Server Client Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc
---------------------------------------------
*** Cisco Finesse Cross-Site Request Forgery Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin
---------------------------------------------


*** Juniper Security Bulletins ***
---------------------------------------------
*** JSA10763 - 2016-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2016-4922) ***
http://kb.juniper.net/index?page=content&id=JSA10763&actp=RSS
---------------------------------------------
*** JSA10766 - 2016-10 Security Bulletin: vMX: Information leak vulnerability (CVE-2016-4924) ***
http://kb.juniper.net/index?page=content&id=JSA10766&actp=RSS
---------------------------------------------
*** JSA10767 - 2016-10 Security Bulletin: JUNOSe: Line Card Reset: processor exception 0x68616c74 (halt) task: scheduler, upon receipt of crafted IPv6 packet (CVE-2016-4925) ***
http://kb.juniper.net/index?page=content&id=JSA10767&actp=RSS
---------------------------------------------
*** JSA10764 - 2016-10 Security Bulletin: Junos J-Web: Cross Site Scripting Vulnerability (CVE-2016-4923) ***
http://kb.juniper.net/index?page=content&id=JSA10764&actp=RSS
---------------------------------------------
*** JSA10762 - 2016-10 Security Bulletin: Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921) ***
http://kb.juniper.net/index?page=content&id=JSA10762&actp=RSS
---------------------------------------------
*** JSA10761 - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView ***
http://kb.juniper.net/index?page=content&id=JSA10761&actp=RSS
---------------------------------------------
*** JSA10760 - 2016-10 Security Bulletin: Junos Space: Multiple vulnerabilities ***
http://kb.juniper.net/index?page=content&id=JSA10760&actp=RSS
---------------------------------------------
*** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates ***
http://kb.juniper.net/index?page=content&id=JSA10759&actp=RSS
---------------------------------------------


*** Security Advisory: PCRE vulnerability CVE-2016-3191 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/51/sol51440224.html?ref=rss


*** Brocade NetIron MLX Line Card IPSec Processing Bug Lets Remote Users Cause the Target Line Card to Reset ***
---------------------------------------------
http://www.securitytracker.com/id/1037010


*** Fortinet FortiManager Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036982


*** Fortinet FortiAnalyzer Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1036981


*** Palo Alto PAN-OS Range Header Null Pointer Dereference Lets Remote Users Cause the Target Service to Crash ***
---------------------------------------------
http://www.securitytracker.com/id/1037007


*** DFN-CERT-2016-1689: Ghostscript: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1689/


*** Vuln: SAP NetWeaver ABAP ST-PI Component SQL Injection Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93506


*** Vuln: SAP BusinessObjects Unspecified Cross Site Request Forgery Vulnerability ***
--------------------------------------------
http://www.securityfocus.com/bid/93508


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2183, CVE-2016-6304, CVE-2016-2177, CVE-2016-2178, CVE-2016-6306) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991896
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2016-5994) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992171
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control (CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991894
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Websphere that is used by IBM BigFix Remote Control. (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991866
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM BigFix Remote Control (CVE-2016-5983) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991902
---------------------------------------------
*** IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud has addressed (CVE-2016-5949) ***
http://www.ibm.com/support/docview.wss?uid=swg21992276
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Campaign, IBM Interact, IBM Distributed Marketing, IBM Marketing Operations (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21991786
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat , Commons FileUpload Vulnerabilities IBM Algorithmics Algo Risk Application ***
http://www.ibm.com/support/docview.wss?uid=swg21990262
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2016-2177, CVE-2016-2178) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Struts affect IBM BigFix Remote Control (CVE-2016-1181, CVE-2016-1182) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991903
---------------------------------------------