[CERT-daily] Tageszusammenfassung - Montag 27-02-2017
Daily end-of-shift report
team at cert.at
Mon Feb 27 18:18:40 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Freitag 24-02-2017 18:00 − Montag 27-02-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Project Zero: Erneut ungepatchter Microsoft-Bug veröffentlicht ***
---------------------------------------------
Project Zero meint es ernst: Zum dritten Mal innerhalb weniger Monate gibt es einen Bugreport ohne Patch von Microsoft. Dieses Mal handelt es sich um einen Type-Confusion-Fehler in Internet Explorer und Edge.
---------------------------------------------
https://www.golem.de/news/project-zero-erneut-ungepatchter-microsoft-bug-veroeffentlicht-1702-126423-rss.html
*** DFN-CERT-2017-0348: Microsoft Internet Explorer, Microsoft Edge: Eine Schwachstelle ermöglicht das Ausführen beliebigen Programmcodes ***
---------------------------------------------
Ein entfernter, nicht authentifizierter Angreifer, welcher einen Benutzer zum Besuch einer bösartig manipulierten Webseite verleiten kann, kann die Schwachstelle ausnutzen, um einen Denial-of-Service (DoS)-Zustand zu bewirken oder beliebigen Programmcode zur Ausführung zu bringen. Diese Schwachstelle wird von dem Google Projekt Zero veröffentlicht, da der Zeitraum, der dem Hersteller zum Beheben der Schwachstelle eingeräumt wurde (90 Tage), abgelaufen ist. Ein Sicherheitsupdate steht derzeit noch nicht zur Verfügung. Ein Proof-of-Concept zur Ausnutzung der Schwachstelle ist ebenfalls verfügbar.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0348/
*** Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th) ***
---------------------------------------------
The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in raresituations, a bug in Cloudflares edge servers could be triggered, which would cause a buffer overrun to occur. When these buffer overruns occurred, random data would be returned in the replies from the Cloudflare servers. This data would be data from any of Cloudflares customer...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=22113&rss
*** Zahlungsverkehr: Swift verlangt bessere Cyberabwehr ***
---------------------------------------------
Im Kampf gegen Cyberkriminelle verlangt das Zahlungsverkehrssystem Swift größere Anstrengungen seitens der angeschlossenen Banken.
---------------------------------------------
https://futurezone.at/b2b/zahlungsverkehr-swift-verlangt-bessere-cyberabwehr/248.531.357
*** DSA-3795 bind9 - security update ***
---------------------------------------------
It was discovered that a maliciously crafted query can cause ISCsBIND DNS server (named) to crash if both Response Policy Zones (RPZ)and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. Itis uncommon for both of these options to be used in combination, sovery few systems will be affected by this problem in practice.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3795
*** SHA1 Collision Attack Makes Its First Victim: Subversion Repositories ***
---------------------------------------------
It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/
*** DSA-3796 apache2 - security update ***
---------------------------------------------
Several vulnerabilities were discovered in the Apache2 HTTP server.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3796
*** More on Bluetooth Ingenico Overlay Skimmers ***
---------------------------------------------
This blog has featured several stories about "overlay" card and PIN skimmers made to be placed atop Ingenico-brand card readers at store checkout lanes. Im revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles on Ingenico overlay skimmers.
---------------------------------------------
https://krebsonsecurity.com/2017/02/more-on-bluetooth-ingenico-overlay-skimmers/
*** Gefälschte Oberbank-Nachricht: Konto gesperrt! ***
---------------------------------------------
Kund/innen erhalten scheinbar eine E-Mail der Oberbank. Darin heißt es, dass es zu einem nicht autorisierten Zugriff auf ihr Konto gekommen sei. [...] Es handelt sich um einen Phishingversuch!
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-oberbank-nachricht-konto-gesperrt/
*** Cyber extortionists hold MySQL databases for ransom ***
---------------------------------------------
Ransomware has become cyber crooks' favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware. Since the beginning of the year, we have witnessed attackers compromising databases, exfiltrating data from them, wiping them and then asking for money (0.2 BTC) in order to return the data. They ransacked MongoDB, CouchDB and Hadoop databases, and now they've set MySQL databases in their sights. According to...
---------------------------------------------
https://www.helpnetsecurity.com/2017/02/27/mysql-databases-ransom/
*** Security products and HTTPS: lets do it better ***
---------------------------------------------
A recent paper showed that many HTTPS-intercepting security solutions have implemented TLS rather poorly. Does that mean we should avoid such solutions altogether?
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/02/security-products-and-https-lets-do-it-better/
*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: Slowloris denial-of-service attack vulnerability CVE-2007-6750 ***
https://support.f5.com:443/kb/en-us/solutions/public/12000/600/sol12636.html?ref=rss
---------------------------------------------
*** Security Advisory: Linux kernel vulnerability CVE-2016-9555 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/54/sol54095660.html?ref=rss
---------------------------------------------
*** Security Advisory: Expat XML library vulnerability CVE-2015-2716 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50459349.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8688 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/35/sol35263486.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8689 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52697522.html?ref=rss
---------------------------------------------
*** Security Advisory: libarchive vulnerability CVE-2016-8687 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/13/sol13074505.html?ref=rss
---------------------------------------------
*** Security Advisory: Linux kernel vulnerability CVE-2016-4998 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/74/sol74171196.html?ref=rss
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2017-3732 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/44/sol44512851.html?ref=rss
---------------------------------------------
*** Security Advisory: F5 TLS vulnerability CVE-2016-9244 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05121675.html?ref=rss
---------------------------------------------
*** Security Advisory: PHPMailer vulnerability CVE-2016-10045 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/73/sol73926196.html?ref=rss
---------------------------------------------
*** Security Advisory: BIG-IP REST vulnerability CVE-2016-6249 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/12/sol12685114.html?ref=rss
---------------------------------------------
*** Security Advisory: GnuTLS vulnerabilities CVE-2017-5335, CVE-2017-5336, and CVE-2017-5337 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/59/sol59836191.html?ref=rss
---------------------------------------------
*** Security Advisory: perl-XML-Twig vulnerability CVE-2016-9180 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/08/sol08383757.html?ref=rss
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2017-3731 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/37/sol37526132.html?ref=rss
---------------------------------------------
*** Security Advisory: BIND vulnerability CVE-2017-3135 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/80/sol80533167.html?ref=rss
---------------------------------------------
*** Security Advisory: libxml2 vulnerability CVE-2015-8806 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04450715.html?ref=rss
---------------------------------------------
*** Security Advisory: GnuTLS vulnerability CVE-2017-5334 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31336596.html?ref=rss
---------------------------------------------
*** Security Advisory: iControl vulnerability CVE-2016-9256 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/47/sol47284724.html?ref=rss
---------------------------------------------
*** Security Advisory: TMM vulnerability CVE-2016-9245 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/22/sol22216037.html?ref=rss
---------------------------------------------
More information about the Daily
mailing list