[CERT-daily] Tageszusammenfassung - Donnerstag 20-04-2017
Daily end-of-shift report
team at cert.at
Thu Apr 20 18:05:44 CEST 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 19-04-2017 18:00 − Donnerstag 20-04-2017 18:00
Handler: Stephan Richter
Co-Handler: Alexander Riepl
*** DFN-CERT-2017-0683/">GnuTLS: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes mit den Rechten des Dienstes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0683/
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASA Software DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
---------------------------------------------
*** Cisco Unified Communications Manager Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
---------------------------------------------
*** Cisco Prime Network Registrar DNS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns
---------------------------------------------
*** Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp
---------------------------------------------
*** Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
---------------------------------------------
*** Cisco FindIT Network Probe Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit
---------------------------------------------
*** Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
---------------------------------------------
*** Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi
---------------------------------------------
*** Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
---------------------------------------------
*** Cisco Integrated Management Controller User Session Hijacking Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2
---------------------------------------------
*** Cisco Integrated Management Controller Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1
---------------------------------------------
*** Cisco Integrated Management Controller Command Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
---------------------------------------------
*** Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
---------------------------------------------
*** Cisco ASA Software SSL/TLS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
---------------------------------------------
*** Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm
---------------------------------------------
*** Cisco ASA Software IPsec Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
---------------------------------------------
*** Bereiten Sie sich schon 2017 auf die Datenschutz-Grundverordnung vor: Wichtige Fragen ***
---------------------------------------------
Die neue Datenschutz-Grundverordnung wird in diesem Jahr in vielen Branchen bei Entscheidungen zu Sicherheitslösungen eine wichtige Rolle spielen. Die Höhe der möglichen Geldbußen ..
---------------------------------------------
https://securingtomorrow.mcafee.com/languages/german/bereiten-sie-sich-schon-2017-auf-die-datenschutz-grundverordnung-vor-wichtige-fragen/
*** Drupal Core - Critical - Access Bypass - SA-CORE-2017-002 ***
---------------------------------------------
https://www.drupal.org/SA-CORE-2017-002
*** Organizations are not effectively dealing with open source security threats ***
---------------------------------------------
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation ..
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/20/open-source-security-threats/
*** DNS Query Length... Because Size Does Matter, (Thu, Apr 20th) ***
---------------------------------------------
In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass securitycontrols. DNS tunnelling is a common way to establish ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22326
*** Malware: Schadsoftware bei 1.200 Holiday-Inn- und Crown-Plaza-Hotels ***
---------------------------------------------
Wer im vergangenen Jahr auf Geschäftsreise oder im Urlaub in den USA gewesen ist, sollte seine Kreditkartenabrechnungen prüfen: Zahlungsterminals zahlreicher ..
---------------------------------------------
https://www.golem.de/news/malware-schadsoftware-bei-1-200-holiday-inn-und-crown-plaza-hotels-1704-127391.html
*** Spyware Disguised as System Update Survived on Play Store for Almost Three Years ***
---------------------------------------------
An Android app named "System Update" that secretly contained a spyware family named SMSVova, survived on the official ..
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spyware-disguised-as-system-update-survived-on-play-store-for-almost-three-years/
*** [R2] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities ***
---------------------------------------------
On 2017-04-18, security researcher "agix" published an exploit for the remote command execution flaw (VulnDB 153135). As such, customers are more strongly encouraged to upgrade immediately.
---------------------------------------------
https://www.tenable.com/security/tns-2017-07
*** Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) ***
---------------------------------------------
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities ..
---------------------------------------------
http://blog.malerisch.net/2017/04/trend-micro-threat-discovery-appliance-session-generation-authentication-bypass-cve-2016-8584.html
*** Stealing sensitive browser data with the W3C Ambient Light Sensor API ***
---------------------------------------------
In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your //
---------------------------------------------
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
*** Combating a spate of Java malware with machine learning in real-time ***
---------------------------------------------
In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/04/20/combating-a-wave-of-java-malware-with-machine-learning-in-real-time/
*** Browser-Updates für Chrome und Firefox stopfen kritische Lücken ***
---------------------------------------------
Sowohl Google als auch Mozilla haben kritische Sicherheitslücken in ihren Web-Browsern gestopft. Diese können von Angreifern für Drive-By-Attacken missbraucht werden.
---------------------------------------------
https://heise.de/-3689571
*** Abusing NVIDIAs node.js to bypass application whitelisting ***
---------------------------------------------
Application WhitelistingApplication whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a ..
---------------------------------------------
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
*** DNSSEC: ISC läutet Schlüsseltausch für BIND9 ein ***
---------------------------------------------
Das Update ist für alle BIND9-Betreiber wichtig, die die Software zum Validieren von signierten DNS-Antworten einsetzen, aber kein automatisches Schlüssel-Update eingerichtet haben.
---------------------------------------------
https://heise.de/-3689170
More information about the Daily
mailing list