[CERT-daily] Daily summary - Friday 23-09-2016

Daily end-of-shift report team at cert.at
Fri Sep 23 18:10:35 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 22-09-2016 18:00 − Friday 23-09-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** The era of big DDOS?, (Thu, Sep 22nd) ***
---------------------------------------------
I have been tracking DDOSs for a number of years, and quite frankly, it has become boring. Don't get me wrong, I am not complaining, just stating a fact. A number of factors seem to have contributed to its fall from mainstream consciousness: somewhat better filtering practices, more awareness of timely patching, and probably the most significant being the novelty has worn off. Occasionally I will still see a multi-Gbps DDOS, but mostly it has been relegated to booter traffic which is not even a...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21511&rss




*** LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD ***
---------------------------------------------
LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. Full details are in the LGPO.pdf in the download. For more...
---------------------------------------------
https://blogs.technet.microsoft.com/secguide/2016/09/23/lgpo-exe-v2-0-pre-release-support-for-mlgpo-and-reg_qword/




*** Fake shipment tracking notifications from the Post ***
---------------------------------------------
Internet users receive a purported shipment tracking notification from Österreichische Post (Austrian Post). It states that the company has had a parcel returned to it. So that recipients can receive it, they are asked to follow a link and run a file. The file contains malware. Anyone who opens it suffers data loss.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-sendungsverfolgungen-der-post/




*** After DDoS attacks: Akamai takes security researcher Krebs offline ***
---------------------------------------------
Following the unmasking of an Israeli DDoS provider, security expert Krebs has himself become the victim of an unusual attack. His website has been taken offline.
---------------------------------------------
http://www.golem.de/news/nach-ddos-attacken-akamai-nimmt-sicherheitsforscher-krebs-vom-netz-1609-123419-rss.html




*** A week to go for the European Cyber Security Month launch! ***
---------------------------------------------
ENISA together with the European Commission, the European Banking Federation (EBF), Europol's European Cybercrime Centre (EC3), and its partners, are getting ready for the launch event of the European Cyber Security Month (ECSM), the EU advocacy campaign on cybersecurity which runs throughout October.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/a-week-to-go-for-the-european-cyber-security-month-launch-1




*** Security Update for Microsoft Office (3185852) ***
---------------------------------------------
V.2.0 (September 22, 2016): Bulletin revised to announce the availability of the 14.6.8 update for Microsoft Office for Mac 2011 (3186805) and the 15.25 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-107




*** Cisco Email Security Appliance Internal Testing Interface Vulnerability ***
---------------------------------------------
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an...
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa




*** IDM 4.5 Notes Driver Version 4.0.1.0 ***
---------------------------------------------
Abstract: This patch is for Identity Manager Notes Driver. It can be installed on IDM 4.5. This patch will take the version of the Notes Driver to version 4.0.1.0.
Document ID: 5255110
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: IDM45_Notes_4010.zip (1.12 MB)
Products: Identity Manager 4.5
Superseded Patches: IDM 4.5 Notes Driver Version 4.0.0.4
---------------------------------------------
https://download.novell.com/Download?buildid=aLUafJcAJps~




*** DSA-3674 firefox-esr - security update ***
---------------------------------------------
Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3674




*** Microsoft Internet Explorer 11 CORS Disrespect ***
---------------------------------------------
Topic: Microsoft Internet Explorer 11 CORS Disrespect
Risk: Low
Text: IE11 is not following CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this i...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016090165




*** DFN-CERT-2016-1560: LibreSSL: A vulnerability allows security measures to be bypassed ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1560/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983). ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990060
---------------------------------------------
*** IBM Security Bulletin: Security vulnerability has been identified in IBM WebSphere Portal (CVE-2016-5954) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989993
---------------------------------------------
*** IBM Security Bulletin: IBM DB2 LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985). ***
http://www-01.ibm.com/support/docview.wss?uid=swg21989842
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4483) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990364
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Algo Credit Manager (CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21988586
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Administrator (CVE-2016-3092) ***
http://www.ibm.com/support/docview.wss?uid=swg21988585
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182) ***
http://www.ibm.com/support/docview.wss?uid=swg21987189
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21986710
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978) ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009280
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-0377) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21990525
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Tivoli LWI impacts pConsole and WebSM for AIX (CVE-2016-6038) ***
http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
---------------------------------------------
*** IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-2985 and CVE-2016-2984) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024336
---------------------------------------------
*** IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21990527
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472, CVE-2015-7981, CVE-2015-8126) ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099471
---------------------------------------------

