[CERT-daily] Daily summary - Thursday 22-09-2016

Daily end-of-shift report team at cert.at
Thu Sep 22 18:26:03 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 21-09-2016 18:00 − Thursday 22-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Fake cease-and-desist letter from attorney Jörg Schmidt in circulation ***
---------------------------------------------
Households are receiving a cease-and-desist letter from the law firm of Jörg Schmidt. It claims that a copyright infringement against abbywinters.com BV has occurred because the recipients exploited the erotic film "Girl & Girl Pee Marigold & Christiana". For this reason they are supposed to pay 950.00 euros. This is an attempted fraud.
---------------------------------------------
https://www.watchlist-internet.at/sonstiges/fake-abmahnung-von-ra-joerg-schmidt-im-umlauf/




*** More than 840,000 Cisco devices are vulnerable to NSA-related exploit ***
---------------------------------------------
More than 840,000 Cisco networking devices from around the world are exposed to a vulnerability that's similar to one exploited by a hacking group believed to be linked to the U.S. National Security Agency. The vulnerability was announced by Cisco last week and it affects the IOS, IOS XE, and IOS XR software that powers many of its networking devices. The flaw allows hackers to remotely extract the contents of a device's memory, which can lead to the exposure of sensitive information.
---------------------------------------------
http://www.cio.com/article/3122868/more-than-840000-cisco-devices-are-vulnerable-to-nsa-related-exploit.html#tk.rss_security




*** Bug that hit Firefox and Tor browsers was hard to spot - now we know why ***
---------------------------------------------
The curious case of Firefox's (now fixed) certificate pinning failure.
---------------------------------------------
http://arstechnica.com/security/2016/09/bug-that-hit-firefox-and-tor-browsers-was-hard-to-spot-now-we-know-why/




*** Hacked Website Report - 2016/Q2 ***
---------------------------------------------
Today we're releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis: Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side...
---------------------------------------------
https://blog.sucuri.net/2016/09/hacked-website-report-2016q2.html




*** KrebsOnSecurity Hit With Record DDoS ***
---------------------------------------------
On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they've seen previously, and was among the biggest assaults the Internet has ever witnessed.
---------------------------------------------
http://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/




*** Controlling Kerio Control - When your firewall turns against you. ***
---------------------------------------------
Introduction: This blog post describes two different attacks which can be used to compromise companies which use Kerio Control in their network. Kerio Control is a hardware appliance which can be used as network firewall, router and VPN gateway. Both attacks spawn a reverse shell on Kerio Control. Since both attack payloads are delivered via CSRF (cross-site request forgery) or XSS (cross-site scripting), no ports need to be open from the Internet.
---------------------------------------------
http://blog.sec-consult.com/2016/09/controlling-kerio-control-when-your.html




*** Future attack scenarios against ATM authentication systems ***
---------------------------------------------
The report comprises two papers in which we analyze all existing methods of authentication used in ATMs and those expected to be used in the near future, including: contactless authentication through NFC, one-time password authentication and biometric authentication systems, as well as potential vectors of attacks using malware, through to network attacks and attacks on hardware components.
---------------------------------------------
http://securelist.com/analysis/publications/76099/future-attack-scenarios-against-atm-authentication-systems/




*** Cisco plugs two Cloud Services Platform system compromise flaws ***
---------------------------------------------
Cisco has patched two serious vulnerabilities in Cisco Cloud Services Platform 2100, both of which could allow a remote attacker to execute arbitrary code on a targeted system. Both vulnerabilities affect version 2.0 of the platform and there are no workarounds to address them, so administrators are advised to update to release 2.1.0 and later to plug the holes. What's the problem? Cisco Cloud Services Platform 2100 is a popular Linux Kernel-based Virtual Machine software...
---------------------------------------------
https://www.helpnetsecurity.com/2016/09/22/cisco-plugs-cloud-services-platform-flaws/




*** Fixing the mixed content problem with Automatic HTTPS Rewrites ***
---------------------------------------------
CloudFlare aims to put an end to the unencrypted Internet. But the web has a chicken and egg problem moving to HTTPS. Long ago it was difficult, expensive, and slow to set up an HTTPS capable web site. Then along came services like CloudFlare's Universal SSL that made switching...
---------------------------------------------
https://blog.cloudflare.com/fixing-the-mixed-content-problem-with-automatic-https-rewrites/




*** OpenSSL Update Released, (Thu, Sep 22nd) ***
---------------------------------------------
As announced earlier this week, OpenSSL released an update today for all currently supported versions (1.0.1, 1.0.2, 1.1.0). The update fixes 14 different vulnerabilities. Only one vulnerability is rated High. This vulnerability, CVE-2016-6304, can lead to memory exhaustion and a denial of service if the client sends multiple large OCSP...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21509&rss




*** OpenSSL Security Advisory [22 Sep 2016] ***
---------------------------------------------
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
SSL_peek() hang on empty record (CVE-2016-6305)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS...
---------------------------------------------
https://www.openssl.org/news/secadv/20160922.txt




*** Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2016-004
Project: Drupal core
Version: 8.x
Date: 2016-September-21
Security risk: 18/25 (Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
Description: Users without "Administer comments" can set comment visibility on nodes they can edit (less critical). Users who have rights to edit a node can set the visibility on comments for that node.
---------------------------------------------
https://www.drupal.org/SA-CORE-2016-004




*** ZDI-16-526: (0Day) Google Chrome Protocol Handler Logic Error Restrictions Bypass Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-526/




*** ZDI-16-525: (0Day) Fatek Automation PM Designer Heap Memory Corruption Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PM Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-525/




*** [2016-09-22] Potential backdoor access through multiple vulnerabilities in Kerio Control Unified Threat Management ***
---------------------------------------------
Kerio Control contains multiple vulnerabilities which can be used by an attacker to obtain a reverse root shell to the internal firewall system of a network. An attacker can use this reverse root shell to further compromise the victim's local network, sniff VPN traffic (including VPN credentials) or just backdoor the firewall/VPN gateway.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160922-0_Kerio_Control_Potential_backdoor_access_through_multiple_vulnerabilities_v10.txt




*** HPSBGN03649 rev.1 - HPE Network Automation using Java Deserialization, Remote Code Execution ***
---------------------------------------------
A vulnerability in the Apache Commons-Collections and Commons-BeanUtils libraries used for handling Java object deserialization was addressed by HPE Network Automation. The vulnerability could be exploited remotely to allow remote code execution.
---------------------------------------------
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05279098




*** SSA-342135 (Last Update 2016-09-22): Web Vulnerability in SCALANCE M-800 / S615 ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-342135.pdf


*** SSA-301706 (Last Update 2016-09-22): GNU C Library Vulnerability in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf




*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic
---------------------------------------------
*** Cisco IOS and IOS XE iox Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
---------------------------------------------
*** Cisco Firepower Management Center and FireSIGHT System Software SSL Inspection Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc
---------------------------------------------
*** Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
---------------------------------------------
*** Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
---------------------------------------------
*** Cisco Cloud Services Platform 2100 Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1
---------------------------------------------
*** Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph
---------------------------------------------
*** Cisco Application-Hosting Framework HTTP Header Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1
---------------------------------------------
*** Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
---------------------------------------------