[CERT-daily] Tageszusammenfassung - Montag 9-01-2017

Mon Jan 9 19:26:34 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 05-01-2017 18:00 − Montag 09-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-01) ***
---------------------------------------------
A prenotification Security Advisory (APSB17-01) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, January 10, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1434


*** Great Misadventures of Security Vendors: Absurd Sandboxing Edition, (Fri, Jan 6th) ***
---------------------------------------------
Like many security researchers, I employ a variety of OPSEC techniques to help detect if I have been targeted by something for whatever reason. One of those techniques I use in Virustotal is basically a vanity Yara rule that looks for a variety of strings that would indicate malware was specifically targeting me or some data was uploaded that references me. Virustotal Intelligence is a useful too for doing that and many researchers have paid for access which allows you to also download samples...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21895&rss


*** Using Security Tools to Compromize a Network, (Sat, Jan 7th) ***
---------------------------------------------
One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this use security tools (linked to processes). With the time, we are all building our personal toolbox with our favourite tools.Yesterday, I read an interesting blog article about extracting saved credentials from a compromised Nessus system[1]. This in indeed a nice target forthe bad guy! Why? Such security tools deployed inside a network have interesting characteristics:  They have...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21903&rss


*** Erpressertrojaner griffen kürzlich mehr als 10.000 Datenbanken an ***
---------------------------------------------
Schwachstellen bei MongoDB ausgenutzt, Sicherheitsforscher sprechen von Angriffswelle
---------------------------------------------
http://derstandard.at/2000050382671


*** Sicherheitsupdates: LibVNCServer gegen Speicherfehler gerüstet ***
---------------------------------------------
Seit über zwei Jahren hat die Programmbibliothek keine Updates spendiert bekommen. Nun schließen die Entwickler zwei Schwachstellen.
---------------------------------------------
https://heise.de/-3591417


*** 11 Steps to Improve Your Public Wi-Fi Security [Updated] ***
---------------------------------------------
A day without Wi-Fi is a day not fully lived. We're (somewhat) exaggerating, but it's fair to say Wi-Fi has become a staple of the modern life.
---------------------------------------------
https://heimdalsecurity.com/blog/11-security-steps-public-wi-fi-networks/


*** SWIFT speaks on fraudulent messages and the security moves the cooperative is making to assist its customers ***
---------------------------------------------
The February 2016 attack on Bangladesh Bank which involved the sending of fraudulent SWIFT messages from the bank's environment, was followed by a number of other attacks on banks using the SWIFT network. The criminal hackers' intention is to compromise the banks' environments in order to gain their SWIFT credentials, send fraudulent messages and route payments to themselves. Since that time, the SWIFT cooperative has instituted measures ultimately designed to help their...
---------------------------------------------
http://www.cio.com/article/3155253/security/swift-speaks-on-fraudulent-messages-and-the-security-moves-the-cooperative-is-making-to-assist-its.html#tk.rss_security


*** FTC Takes D-Link to Court Because of Insecure Routers and Cameras ***
---------------------------------------------
The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ftc-takes-d-link-to-court-because-of-insecure-routers-and-cameras/


*** WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs ***
---------------------------------------------
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento-continue-to-be-the-most-hacked-cmss/


*** DFN-CERT-2017-0027: OpenSSL: Eine Schwachstelle ermöglicht das Ausspähen von Informationen ***
---------------------------------------------
Eine Schwachstelle in OpenSSL sowie den Derivaten wie z.B. LibreSSL und BoringSSL ermöglicht einem lokalen, nicht authentisierten Angreifer das Ausspähen von privatem Schlüsselmaterial.
Die Entwickler von OpenSSL stellen bislang noch keine Sicherheitsupdates zur Verfügung.
OpenBSD stellt Source Code Patches für die Versionen OpenBSD 5.9 und 6.0 als Sicherheitsupdates bereit.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0027/


*** NETGEAR ProSAFE Firewall Bug Lets Remote Users Traverse the Directory to View Files on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037548


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996761
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime and Apache Tomcat affects IBM RLKS Administration and Reporting Tool Admin (CVE-2016-5597, CVE-2016-3092) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995448
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009699
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995257
---------------------------------------------
*** IBM Security Bulletin: IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability (CVE-2016-8999) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995155
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21995687
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995758
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995691
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329) ***
http://www.ibm.com/support/docview.wss?uid=swg21993665
---------------------------------------------
*** IBM Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024708
---------------------------------------------