[CERT-daily] Tageszusammenfassung - Mittwoch 11-01-2017

Wed Jan 11 18:35:14 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 10-01-2017 18:00 − Mittwoch 11-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** How to secure MongoDB - because it isnt by default and thousands of DBs are being hacked ***
---------------------------------------------
Stop right now and make sure youve configured it correctly The rise in ransomware attacks on MongoDB installations prompted the database maker last week to issue advice on how to avoid being victimized.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/mongodb_ransomware_followup/


*** Phishing per Autofill: Chrome, Safari, Opera und Erweiterungen wie LastPass angreifbar ***
---------------------------------------------
Chromium-basierte Browser, Safari und beliebte Erweiterungen wie der Passwortmanager LastPass lassen sich austricksen, um mehr über den Nutzer preiszugeben, als dieser ahnt.
---------------------------------------------
https://heise.de/-3593811


*** Injection of Unwanted Google AdSense Ads ***
---------------------------------------------
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It's not uncommon to see adult ads since networks that work with the porn industry usually allow a higher level of anonymity and have less strict guidelines (if any) on the quality...
---------------------------------------------
https://blog.sucuri.net/2017/01/injection-unwanted-google-adsense-ads.html


*** Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet ***
---------------------------------------------
A new ransomware family made its presence felt today, named Spora, the Russian word for "spore." This new ransomwares most notable features are its solid encryption routine, ability to work offline, and a very well put together ransom payment site, the most sophisticated weve seen from ransomware authors as of yet. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/


*** Juniper warns: Borked upgrade opens root on firewalls ***
---------------------------------------------
Turn it off and turn it back on again. No, really Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/01/11/juniper_warns_borked_upgrade_opens_root_on_firewalls/


*** Hancitor/Pony/Vawtrak malspam, (Wed, Jan 11th) ***
---------------------------------------------
Introduction Until recently, I hadnt personally seen much malicious spam (malspam) using Microsoft office documents with Hancitor-based Visual Basic (VB) macros to send Pony and Vawtrak. It still happens, though. Occasionally, Ill find a report like this one from 2016-12-19, where Hancitor/Pony/Vawtrak malspam was disguised as a LogMeIn account notification, but I rarely come across an example on my own. At least until yesterday. This diary describes a recent wave of Hancitor/Pony/Vawtrak...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21919&rss


*** MS17-JAN - Microsoft Security Bulletin Summary for January 2017 - Version: 1.1 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS17-JAN


*** Bugtraq: ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539992
http://www.securityfocus.com/archive/1/539993
http://www.securityfocus.com/archive/1/539995


*** Vuln: Ansible CVE-2016-9587 Arbitrary Command Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95352


*** VU#767208: ThreatMetrix SDK for iOS fails to validate SSL certificates ***
---------------------------------------------
Vulnerability Note VU#767208 ThreatMetrix SDK for iOS fails to validate SSL certificates Original Release date: 10 Jan 2017 | Last revised: 10 Jan 2017   Overview On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack.  Description ThreatMetrix is a security library for mobile applications, which aims to provide fraud prevention and device identity...
---------------------------------------------
http://www.kb.cert.org/vuls/id/767208


*** DFN-CERT-2017-0041: BlackBerry Enterprise Server: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0041/


*** BSRT-2017-003 Vulnerability in WatchDox Server components impacts WatchDox by BlackBerry ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038915


*** DFN-CERT-2017-0045: WebKitGTK+: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0045/


*** GnuTLS Lets Remote Users Execute Arbitrary Code on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1037576


*** DFN-CERT-2017-0047: GnuTLS: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0047/


*** Vuln: PHP CVE-2017-5340 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95371


*** Bugtraq: Bit Defender #39 - Auth Token Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/539999


*** Vuln: Computer Associates Service Desk Manager CVE-2016-10086 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95366


*** Security Advisory - DoS Vulnerability in Multiple Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-01-parser-en


*** Security Advisory - Camera DOS Vulnerability in ION Memory Management Module of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170111-01-smartphone-en


*** Security Notice - Statement on SaifAllah BenMassaoud Revealing CSRF Security Vulnerability in Huawei B660 Routers ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170111-01-b660-en


*** Vuln: SAP Products ***
---------------------------------------------
*** Vuln: SAP Single Sign On Denial of Service Vulnerability ***
http://www.securityfocus.com/bid/95363
---------------------------------------------
*** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability ***
http://www.securityfocus.com/bid/95362
http://www.securityfocus.com/bid/95365
---------------------------------------------
*** Vuln: SAP NetWeaver AS JAVA getUserUddiElements SQL Injection Vulnerability ***
http://www.securityfocus.com/bid/95364
---------------------------------------------
*** Vuln: SAP NetWeaver Application Server Java Portal App Component Cross Site Scripting Vulnerability ***
http://www.securityfocus.com/bid/95368
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Hard-coded credentials used in IBM dashDB Local (CVE-2016-8954) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994471
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-5597) ***
http://www.ibm.com/support/docview.wss?uid=swg21995685
---------------------------------------------
*** IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5881) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995122
---------------------------------------------
*** IBM Security Bulletin: January 2015 OpenSSL security vulnerabilities in Multiple IBM N Series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009328
---------------------------------------------
*** IBM Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009593
---------------------------------------------