[CERT-daily] Tageszusammenfassung - Dienstag 10-01-2017

Tue Jan 10 18:11:08 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 09-01-2017 18:00 − Dienstag 10-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Adobe Security Bulletins posted ***
---------------------------------------------
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. 
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1438
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html


*** Rätselhafte Netzwerk-Aktivitäten mit GRE-Paketen ***
---------------------------------------------
Aufmerksame Admins verzeichnen aktuell auf ihren VPN-Gateways und Firewalls eine Zunahme von scheinbar sinnlosen GRE-Paketen. Die Ursache ist bislang unklar.
---------------------------------------------
https://heise.de/-3592231


*** Krebs's Immutable Truths About Data Breaches ***
---------------------------------------------
Ive had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction.
---------------------------------------------
https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-breaches/


*** Terror Exploit Kit? More like Error Exploit Kit ***
---------------------------------------------
Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-like-Error-Exploit-Kit/


*** Über 1000 deutsche Online-Shops infiziert und angezapft ***
---------------------------------------------
Bei über tausend deutschen Online-Shops ziehen Kriminelle jetzt gerade Kundendaten und Zahlungsinformationen ab - und das zum Teil schon seit Monaten. Laut BSI ignorieren viele Shop-Betreiber das Problem.
---------------------------------------------
https://heise.de/-3592281


*** Datenklau an Geldautomaten steigt an, Schaden sinkt ***
---------------------------------------------
Datendiebe haben an Geldautomaten in Deutschland wieder häufiger zugeschlagen. Trotz moderner Technik verursacht Skimming nach wie vor Millionenschäden. An anderer Stelle allerdings sind Bankkunden noch mehr gefährdet.
---------------------------------------------
https://heise.de/-3592571


*** A Review of Cryptography - Part 1 ***
---------------------------------------------
Overview of Last Articles Our last few articles have dealt with the science and technology of Biometrics. To review, it is merely the Verification and/or Identification of an individual based on their unique physiological traits or even behavioral mannerisms. This is probably one of the best forms of Security technology to use because it is...
---------------------------------------------
http://resources.infosecinstitute.com/a-review-of-cryptography-part-1/


*** Two New Edge Exploits Integrated into Sundown Exploit Kit ***
---------------------------------------------
Two recently published proof-of-concept exploits targeted Microsoft Edge were recently integrated into the Sundown Exploit Kit.
---------------------------------------------
http://threatpost.com/two-new-edge-exploits-integrated-into-sundown-exploit-kit/122974/


*** Port 37777 "MapTable" Requests, (Tue, Jan 10th) ***
---------------------------------------------
Thanks to Born for noticing an increase in %%port:37777%% TCP traffic. He wrote a blog with some of the payloads he found, and after he notified us, I was able to confirm his observations in our honeypot [1]. First 32 bytes of the payload: c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 c. o. n. f. i. g 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP, ServiceName : HTTP }, { Enable : 1, InnerPort : 37777, OuterPort :...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21913&rss


*** Vuln: DLink DGS-1100 Switch CVE-2016-10125 Local Hardcoded SSL Certificate Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95329


*** St. Jude Merlin at home Transmitter Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a channel accessible by non-endpoint vulnerability in St. Jude Medical's Merlin at home transmitter.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01


*** Intel Ethernet Controller X710/XL710 NVM Security Vulnerability ***
---------------------------------------------
A security vulnerability in the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05.
---------------------------------------------
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr


*** DFN-CERT-2017-0034: Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0034/


*** Moodle 3.2.1 release notes ***
---------------------------------------------
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
---------------------------------------------
https://docs.moodle.org/dev/Moodle_3.2.1_release_notes


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993856
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986) ***
http://www.ibm.com/support/docview.wss?uid=swg21996503
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995206
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995198
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378) ***
http://www.ibm.com/support/docview.wss?uid=swg21996502
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SnapDrive for Windows may Result in Disclosure of Sensitive Information （CVE-2015-8544） ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009256
---------------------------------------------