[CERT-daily] Tageszusammenfassung - Montag 20-02-2017

Daily end-of-shift report team at cert.at
Mon Feb 20 18:23:29 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 17-02-2017 18:00 − Montag 20-02-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a




*** Android for Work Security Containers Bypassed with Relative Ease ***
---------------------------------------------
Mobile security experts from Skycure have found two methods for bypassing the security containers put around "Android for Work," allowing attackers to access business data saved in this seemingly secure environment.
---------------------------------------------
https://www.bleepingcomputer.com/news/mobile/android-for-work-security-containers-bypassed-with-relative-ease/




*** Users Continue to Install Malware on Their Phone 5 Years After Adobe Discontinued Flash for Android ***
---------------------------------------------
It is unbelievable that almost five years after Adobe announced it would stop developing Flash Player for Android, users are still installing a non-existent piece of software, which in almost all cases is just malware in disguise.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/users-continue-to-install-malware-on-their-phone-5-years-after-adobe-discontinued-flash-for-android/




*** Google bellows bug news after Microsoft sails past fix deadline ***
---------------------------------------------
Mess in Windows graphics library can give bad hombres access to memory Googles Project Zero has again revealed a Windows bug before Microsoft fixed it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/02/20/google_project_zero_discloses_microsoft_bug_again/




*** Mongoaudit Helps You Secure MongoDB Databases ***
---------------------------------------------
A new tool developed by engineers at Stampery can help database administrators audit the security features of their current MongoDB installations, and take precautionary measures to prevent future exploitation.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/mongoaudit-helps-you-secure-mongodb-databases/




*** BIOS/UEFI mit Ransomware infiziert ***
---------------------------------------------
Sicherheitsforscher haben gezeigt, dass sich das BIOS/UEFI eines Computers trotz aktuellem Windows 10 und diversen aktivierten Sicherheitsmechanismen mit einem Erpressungstrojaner infizieren lässt.
---------------------------------------------
https://heise.de/-3630662




*** Spam and phishing in 2016 ***
---------------------------------------------
2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/77483/kaspersky-security-bulletin-spam-and-phishing-in-2016/




*** SAP Security for Beginners. Part 6: SAP Risks  Fraud ***
---------------------------------------------
Welcome to the latest part of SAP Risks. After we finished with Espionage and Sabotage, let's eat the last piece of this "sweet cake" dubbed Fraud. In my opinion, fraud is the most common issue in ERP System and other business applications.
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-beginners-part-6-sap-risks-fraud/




*** DFN-CERT-2017-0302: Suricata: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
Mehrere nicht näher spezifizierte Schwachstellen in Suricata ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe aufgrund von Speicherlecks und Lesezugriffen außerhalb zugewiesenen Speichers. Der Hersteller informiert über die Schwachstellen und stellt Suricata 3.2.1 zur Behebung dieser Schwachstellen bereit.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0302/




*** tenable: [R1] SecurityCenter 5.4.3 File Upload unserialize() Function PHP Object Handling Remote File Deletion ***
---------------------------------------------
SecurityCenter was found to use the PHP unserialize() function in several places in such a way that may allow a remote authenticated attacker to upload a crafted PHP object that resulted in the deletion of arbitrary files.
---------------------------------------------
http://www.tenable.com/security/tns-2017-05




*** WordPress Security - Fake TrafficAnalytics Website Infection ***
---------------------------------------------
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. ... Recently, a new variation of this type of infection has emerged. The new campaign uses trafficanalytics[.]online as the source for the injected script.
---------------------------------------------
https://blog.sucuri.net/2017/02/fake-trafficanalytics-website-infection.html




*** Penetration Testing Tools Cheat Sheet ***
---------------------------------------------
Penetration testing tools cheat sheet, a quick reference high level overview for typical penetration testing engagements. Designed as a quick reference cheat sheet providing a high level overview of the typical commands you would run when performing a penetration test.
---------------------------------------------
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: DOM-based cross-site scripting vulnerability affects IBM Advanced Management Module (AMM) for BladeCenter Systems ***
http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099544
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2017-3731) ***
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory23.asc
---------------------------------------------





More information about the Daily mailing list