[CERT-daily] Daily summary - Monday 6-02-2017
Daily end-of-shift report
team at cert.at
Mon Feb 6 18:07:23 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Friday 03-02-2017 18:00 - Monday 06-02-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Vuln: Barracuda NextGen Firewall F-Series Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96000
*** Vuln: Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/96001
*** Honeywell SCADA Controllers Exposed Passwords in Clear Text ***
---------------------------------------------
A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems.
---------------------------------------------
http://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/
*** [remote] - Netwave IP Camera - Password Disclosure ***
---------------------------------------------
https://www.exploit-db.com/exploits/41236/?rss
*** Security Advisory: Apache vulnerability CVE-2016-8743 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00373024.html?ref=rss
*** Security Advisory: OpenSSL vulnerability CVE-2016-7055 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43570545.html?ref=rss
*** [SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features ***
---------------------------------------------
I published the following diary on isc.sans.org: "Detecting Undisclosed Vulnerabilities with Security Tools & Features". I'm a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the "SIEM of the poor", it integrates a lot of interesting features and is fully configurable ...
---------------------------------------------
https://blog.rootshell.be/2017/02/04/sans-isc-diary-detecting-undisclosed-vulnerabilities-security-tools-features/
*** Kodi extension turned users into botnet cells ***
---------------------------------------------
Users of the "Exodus" plug-in for the Kodi media center became involuntary participants in a botnet that ran targeted DDoS attacks. Its targets: competitors' websites.
---------------------------------------------
https://heise.de/-3617777
*** NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace ***
---------------------------------------------
NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE) has published "Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations." Its world launch will be in Washington DC, February 8 at The Atlantic Council; followed by Europe at The Hague, February 13; and Tallinn, February 17.
---------------------------------------------
http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manual-2-0.html
*** Slammer worm slithers back online to attack ancient SQL servers ***
---------------------------------------------
If you get taken down by this 13-year-old malware, you probably deserve it

One of the world's most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/05/sql_slammer_back/
*** Microsoft's DRM can expose Windows-on-Tor users' IP address ***
---------------------------------------------
Anonymity-lovers best not watch movies as .WMV files

Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsoft's DRM system.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/06/microsoft_drm_and_tor/
*** Bugtraq: ZoneMinder - multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540093
*** Vendor of the WordPress plugin BlogVault hacked ***
---------------------------------------------
Hackers exfiltrated data of BlogVault users in a server break-in. Afterwards, some websites that rely on the plugin are said to have been infected with malware, the vendor warns.
---------------------------------------------
https://heise.de/-3618141
*** Lurk: Retracing the Group's Five-Year Campaign ***
---------------------------------------------
Fileless infections are exactly what their namesake says: they're infections that don't involve malicious files being downloaded or written to the system's disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users given their capability to gain privileges and persist in the system of interest to an attacker - all while staying under the radar.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/
*** Surveillance firm Cellebrite: hacker publishes iPhone-cracking tools ***
---------------------------------------------
If software for cracking smartphones exists, it will also end up in the hands of third parties, explains the hacker who published the tools allegedly originating from a surveillance firm. Apple recently argued along similar lines.
---------------------------------------------
https://heise.de/-3618462
*** Hacker hijacks thousands of publicly exposed printers to warn owners ***
---------------------------------------------
Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.
---------------------------------------------
http://www.cio.com/article/3166048/security/hacker-hijacks-thousands-of-publicly-exposed-printers-to-warn-owners.html#tk.rss_security
*** ENISA: Challenges of security certification in emerging ICT environments ***
---------------------------------------------
ENISA issues today its report on the Challenges of security certification in emerging ICT environments. The report is targeted at EU Member States (MS), the Commission, certification bodies and the private sector, and provides a thorough description of the cyber security certification status concerning the most critical equipment in various critical business sectors.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/challenges-of-security-certification-in-emerging-ict-environments
*** Chrome 57 [...] will no longer trust any StartSSL/Wosign issued certificates [...] ***
---------------------------------------------
Previous communication from Google (https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html) had read as though only certificates issued since October 21, 2016 wouldn't be trusted. It then went on to say that it may not trust other certificates but didn't really say what that meant.
---------------------------------------------
https://forums.whirlpool.net.au/forum-replies.cfm?t=2605051
*** Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure ***
---------------------------------------------
The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong.
---------------------------------------------
https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securing-a-robust-domain-name-system-dns-infrastructure.html
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021796
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation ***
http://www.ibm.com/support/docview.wss?uid=swg21993091
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998167
---------------------------------------------