[CERT-daily] Tageszusammenfassung - Freitag 21-04-2017

Daily end-of-shift report team at cert.at
Fri Apr 21 18:22:09 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 20-04-2017 18:00 − Freitag 21-04-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** 20 Linksys Router Models Vulnerable To Attack ***
---------------------------------------------
Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.
---------------------------------------------
http://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/




*** The History of Fileless Malware - Looking Beyond the Buzzword ***
---------------------------------------------
What's the deal with "fileless malware"? Though many security professionals cringe when they hear this term, lots of articles and product brochures mention fileless malware in the context of threats that are difficult to resist and investigate. Below is my attempt to look beyond the buzzword, tracing the origins of this term and outlining the malware samples that influenced how we use... Read more
---------------------------------------------
https://zeltser.com/fileless-malware-beyond-buzzword/




*** Archive.org Abused to Deliver Phishing Pages ***
---------------------------------------------
The Internet Archive is a well-known website and more precisely for its "WaybackMachine" service. It allows you to search for and display old versions of websites. The current Alexa ranking is 262 which makes it a "popular and trusted" website. Indeed, like I explained in a recent SANS ISC diary, whitelists [...]
---------------------------------------------
https://blog.rootshell.be/2017/04/20/archive-org-abused-deliver-phishing-pages/




*** Analysis of a Maldoc with Multiple Layers of Obfuscation, (Fri, Apr 21st) ***
---------------------------------------------
Thanks to our readers, we get often interesting samples to analyze. This time, Frederick sent us a malicious Microsoft Word document called Invoice_6083.doc (which was delivered in a zip archive). I had a quick look [...]
---------------------------------------------
https://isc.sans.edu/diary/Analysis+of+a+Maldoc+with+Multiple+Layers+of+Obfuscation/22330




*** TLS-Interception: Sophos-Firewall wird von Chrome-Änderung überrascht ***
---------------------------------------------
Nutzer, die den Chrome-Browser hinter einer Firewall von Sophos nutzen, sehen zur Zeit nur Zertifikatswarnungen. Die neue Chrome-Version ignoriert den sogenannten CommonName, der schon seit 17 Jahren als veraltet gilt. (Sophos, Browser)
---------------------------------------------
https://www.golem.de/news/tls-interception-sophos-firewall-wurd-von-chrome-aenderung-ueberrascht-1704-127424-rss.html




*** Domain Fronting ***
---------------------------------------------
In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for [...]
---------------------------------------------
http://resources.infosecinstitute.com/domain-fronting/




*** Top-ranked programming Web tutorials introduce vulnerabilities into software ***
---------------------------------------------
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The process The researchers identified popular tutorials by inputing search terms such as "mysql tutorial", [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/




*** Security vulnerability in unmaintained Drupal contrib module puts 120000 sites at risk ***
---------------------------------------------
[...] The module is currently used by over 120 000 individual Drupal installations, but is no longer maintained. The last update was done in February 2013. Unfortunately a critical security vulnerability in this references module has been reported by the Drupal core security team as SA-CONTRIB-2017-38: [...]
---------------------------------------------
http://drupal.sh/vulnerable-drupal-contrib-module-puts-120000-sites-at-risk


*** References - Unsupported - SA-CONTRIB-2017-38 ***
---------------------------------------------
[...] Updates: 2017-04-18 -- This issue has been resolved with the release of references 7.x-2.2
---------------------------------------------
https://www.drupal.org/node/2869138




*** cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1038341




*** SSHD vulnerability CVE-2017-6128 ***
---------------------------------------------
https://support.f5.com/csp/article/K92140924




*** DFN-CERT-2017-0704: FreeType: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0704/




*** Security Advisory - Buffer Overflow vulnerability in the GaussDB ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170420-01-gaussdb-en




*** Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3 ***
---------------------------------------------
Foxit has released Foxit Reader 8.3 and Foxit PhantomPDF 8.3, which address potential security and stability issues.
---------------------------------------------
https://www.foxitsoftware.com/support/security-bulletins.php




*** Vuln: Linux Kernel CVE-2017-7645 Multiple Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/97950





*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Domino server IMAP EXAMINE command stack buffer overflow (CVE-2017-1274) ***
http://www.ibm.com/support/docview.wss?uid=swg22002280
---------------------------------------------
*** IBM Security Bulletin: Plugin Uploads in IBM UrbanCode Deploy Vulnerable to XML Injection (CVE-2016-9007) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000289
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Remote Control. ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000544
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-5556, CVE-2016-5597 and CVE-2016-5542) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996985
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerability in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2016-5597 CVE-2016-5546 CVE-2016-5548 CVE-2016-5549 CVE-2016-5547 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000580
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM Marketing Software products suite (CVE-2014-3625) ***
http://www.ibm.com/support/docview.wss?uid=swg22002110
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Optim Performance Manager (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002204
---------------------------------------------


More information about the Daily mailing list