[CERT-daily] Tageszusammenfassung - Freitag 10-02-2017

Fri Feb 10 18:09:58 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 09-02-2017 18:00 − Freitag 10-02-2017 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** ENISA study on the security aspects of virtualization ***
---------------------------------------------
The report provides an analysis on the current status of security of virtualization, by presenting current technologies affected, risks, efforts, gaps, and the impact the latter have on environments based on virtualization technologies.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-study-on-the-security-aspects-of-virtualization


*** A Feeding Frenzy to Deface WordPress Sites ***
---------------------------------------------
In this report we share data on the ongoing flood of WordPress REST-API exploits we are seeing in the wild. We include data on 20 different site defacement campaigns we are currently tracking.
---------------------------------------------
https://www.wordfence.com/blog/2017/02/rest-api-exploit-feeding-frenzy-deface-wordpress-sites/


*** RCE Attempts Against the Latest WordPress REST API Vulnerability ***
---------------------------------------------
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress sites, only the ones using plugins that allow for PHP execution from within posts and pages.
---------------------------------------------
https://blog.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-rest-api-vulnerability.html


*** De-Anonymizing Browser History Using Social-Network Data ***
---------------------------------------------
Interesting research: "De-anonymizing Web Browsing Data with Social Networks":Abstract: Can online trackers and network adversaries de-anonymize web browsing data readily available to them? We show -- theoretically, via simulation, and through experiments on real user data -- that de-identified web browsing histories can\ be linked to social media profiles using only publicly available data. Our approach is based on a simple observation: each person has a distinctive social network,...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/02/de-anonymizing_1.html


*** CERT updates insider threat guidebook ***
---------------------------------------------
The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. The guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/10/insider-threat-guidebook/


*** ENISA issues Smartphone Development Guidelines ***
---------------------------------------------
ENISA publishes an update of the Smartphone Development Guidelines.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/enisa-issues-smartphone-development-guidelines


*** Hacking Guatemala's DNS - Spying on Active Directory Users By Exploiting a TLD Misconfiguration ***
---------------------------------------------
In search of new interesting high-impact DNS vulnerabilities I decided to take a look at the various top-level domains (TLDs) and analyze their configurations for errors. Upon some initial searching it turns out there is a nice open source service which helps DNS administrators scan their domains for misconfigurations called DNSCheck written by The Internet Foundation in Sweden. This tool helps highlight all sorts of odd DNS misconfigurations such as having an...
---------------------------------------------
https://thehackerblog.com/hacking-guatemalas-dns-spying-on-active-directory-users-by-exploiting-a-tld-misconfiguration/


*** Unpatched (0day) jQuery Mobile XSS ***
---------------------------------------------
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and theres nothing you can do about it, theres not even patch
---------------------------------------------
http://sirdarckcat.blogspot.co.at/2017/02/unpatched-0day-jquery-mobile-xss.html


*** Multiple cross-site scripting vulnerabilities in Webmin ***
---------------------------------------------
Webmin contains multiple cross-site scripting vulnerabilities.
---------------------------------------------
http://jvn.jp/en/jp/JVN34207650/


*** Western Digital My Cloud 2.21.119 Authentication Bypass ***
---------------------------------------------
Topic: Western Digital My Cloud 2.21.119 Authentication Bypass Risk: High Text: Authentication bypass vulnerability in Western Digital My Cloud Remco Verm...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017020093


*** Hanwha Techwin Smart Security Manager ***
---------------------------------------------
This advisory contains mitigation detail for remote code execution vulnerabilities in Hanwha Techwins Smart Security Manager.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01


*** DFN-CERT-2017-0251: Xen, QEMU: Eine Schwachstelle ermöglicht das Ausspähen von Informationen und die Eskalation von Privilegien ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0251/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997743
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php5 vulnerabilities (CVE-2016-6911, CVE-2016-8670) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024834
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a kernel vulnerability ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024807
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple cURL/libcURL vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024808
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a libgcrypt vulnerability (CVE-2016-6313) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024832
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affect Rational Tau (CVE-2016-2180) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994132
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affect Rational Tau (CVE-2016-2177) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993836
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple glibc vulnerabilities (CVE-2016-1234, CVE-2016-3706, CVE-2016-4429) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024831
---------------------------------------------