[CERT-daily] Tageszusammenfassung - Donnerstag 8-09-2016

Thu Sep 8 18:07:03 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 07-09-2016 18:00 − Donnerstag 08-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  Alexander Riepl


*** Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability ***
---------------------------------------------
A vulnerability in session identification management functionality of the web-based management interface for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to hijack a valid user session ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc


*** Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1


*** Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web-based management interface of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an authenticated, remote attacker ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss


*** Return to libstagefright: exploiting libutils on Android ***
---------------------------------------------
I’ve been investigating different fuzzing approaches on some Android devices recently, and this turned up the following rather interesting bug (CVE 2016-3861 fixed in the most recent Android Security Bulletin), deep in the ..
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/09/return-to-libstagefright-exploiting.html


*** [R1] LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities ***
---------------------------------------------
http://www.tenable.com/security/tns-2016-14


*** Critical Flaws Found in Network Management Systems ***
---------------------------------------------
Four leading network management system providers patched nearly a dozen critical cross-site scripting vulnerabilities disclosed Wednesday by Rapid7.
---------------------------------------------
http://threatpost.com/critical-flaws-found-in-network-management-systems-2/120407/


*** Updated DShield Blocklist ***
---------------------------------------------
Earlier today, I updated how our block list is generated. The idea behind this is to avoid some false positives and to make the list more meaningful. As usual, ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21453&


*** Stealing login credentials from a locked PC or Mac just got easier ***
---------------------------------------------
20 seconds of physical access with a $50 device is all it takes.
---------------------------------------------
http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/


*** The Limits of SMS for 2-Factor Authentication ***
---------------------------------------------
A recent ping from a reader reminded me that Ive been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication ..
---------------------------------------------
http://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/


*** Erpressungstrojaner: FBI hofft auf mehr Anzeigen ***
---------------------------------------------
Die Erpresser, die Computer kapern und verschlüsseln, werden immer professioneller. In den USA wünscht sich das FBI möglichst viele Anzeigen der Opfer, da jede Information im Kampf gegen die Verbrecher helfen könne.
---------------------------------------------
http://heise.de/-3316101


*** Ten-year-old Windows Media Player hack is the new black, again ***
---------------------------------------------
Why bother buying a zero-day when casual piracy and old code can p0wn thousands? Net scum are still finding ways to take down users with a decade-old Windows Media Player attack.
---------------------------------------------
www.theregister.co.uk/2016/09/08/windows_media_player_malware_drm_security/


*** WordPress 4.6.1 upgrades security, fixes 15 bugs ***
---------------------------------------------
WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately. The two ..
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/08/wordpress-4-6-1-upgrades-security/


*** Netzwerkanalyse: Version 2.2 von Wireshark freigegeben ***
---------------------------------------------
Version 2.2 von Wireshark versteht eine Reihe neuer Protokolle. Zudem spricht es selbst inzwischen JSON und kann Pakete in diesem Format exportieren.
---------------------------------------------
http://heise.de/-3316297


*** Denial of Service in extension "Speaking URLs for TYPO3" (realurl) ***
---------------------------------------------
https://typo3.org/news/article/denial-of-service-in-extension-speaking-urls-for-typo3-realurl/


*** Xen Security Advisory CVE-2016-7154 / XSA-188 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-188.html


*** Xen Security Advisory CVE-2016-7094 / XSA-187 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-187.html


*** Xen Security Advisory CVE-2016-7093 / XSA-186 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-186.html


*** Xen Security Advisory CVE-2016-7092 / XSA-185 ***
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-185.html


*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious privileged code running within a guest VM to compromise the host.
---------------------------------------------
https://support.citrix.com/article/CTX216071


*** IBM Security Bulletin: A security vulnerability for cross-site scripting affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-2986) ***
---------------------------------------------
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21989940


*** IBM Security Bulletin: A vulnerability in PostgreSQL affects IBM Security Access Manager version 9 (CVE-2016-0773) ***
---------------------------------------------
IBM Security Access Manager version 9 appliances are affected by a vulnerability in postgreSQL. CVE(s): CVE-2016-0773 Affected product(s) and affected version(s): IBM ..
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21989543


*** Urheberrecht: Datenpanne bei Abmahnsoftware ***
---------------------------------------------
Eine Kanzlei, die gegen unrechtmäßige Nutzung von Fotos vorgeht, nutzt offenbar Software, die nachlässig konfiguriert ist. Unberechtigte Nutzer konnten Daten zu Mandaten und Abmahnungen einsehen.
---------------------------------------------
http://www.golem.de/news/urheberrechte-datenpanne-bei-abmahnkanzlei-1609-123149.html