[CERT-daily] Tageszusammenfassung - Donnerstag 12-01-2017

Thu Jan 12 18:26:59 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 11-01-2017 18:00 − Donnerstag 12-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Personalisierte card complete-Phishingmail ***
---------------------------------------------
Eine personalisierte cardcomplete-Phishingmail, die EmpfÄnger/innen direkt beim Namen benennt, ist im Umlauf. In dieser behaupten Kriminelle, dass es zu verdÄchtigen Transaktionen gekommen sei, weshalb Kund/innen sich auf einer Website legitimieren sollen. Es handelt sich um einen Versuch, mit dem Kriminelle an fremde Kreditkartendaten gelangen wollen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/personalisierte-card-complete-phishingmail/


*** The Most Dangerous User Right You (Probably) Have Never Heard Of ***
---------------------------------------------
One user right I overlooked, until Ben Campbell's post on constrained delegation, was SeEnableDelegationPrivilege. This right governs whether a user account can "Enable computer and user accounts to be trusted for delegation." Part of the reason I overlooked it is stated right in the documentation:...
---------------------------------------------
http://www.harmj0y.net/blog/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/


*** Sicherheitsloch im Herzschrittmacher ***
---------------------------------------------
Ein Firmware-Update soll Patienten mit Herzschrittmachern oder implantierten Defibrillatoren davor schützen, dass Hacker die Kontrolle über die Geräte übernehmen. Es gibt jedoch Zweifel daran, dass die Geräte nach dem Update sicher sind.
---------------------------------------------
https://heise.de/-3593932


*** Latest Adobe Acrobat Reader Update Silently Installs Chrome Extension ***
---------------------------------------------
An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the users Chrome browser. There is no mention of this "special package" on Acrobats changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page theyre on as a PDF file and share...
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/s_zCwl6BNOY/latest-adobe-acrobat-reader-update-silently-installs-chrome-extension


*** Some tools updates, (Thu, Jan 12th) ***
---------------------------------------------
A coupleof tools were updated and release today.  Network Miner was updated. Version 2.1 is not available for download. Network Miner is packet sniffer/analyzer focused on extracting application layer forensic artifacts. The update adds new protocols and enhances email reassembly options. http://www.netresec.com/?page=Blogmonth=2017-01post=NetworkMiner-2-1-Released  BlackhillsInformation Security released a Powershellversion of theDNSCAT2client. DNSCAT2 is a popular command and control tool...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21925&rss


*** System Resource Utilization Monitor, (Thu, Jan 12th) ***
---------------------------------------------
The attackers have come and gone and youare left behind to clean up the mess. You arrive on site to figure out how the bad guysgot in, what they took and how badly it will affect the customer. But, the customer doesnt syslog the firewall logs, so youare limited to the three days of logs that are held in thefirewalls memory. The Windows Event logs on most of the systems roll over every 5 minutes, and there is no centralized long term logging. There is no IDS. There is no full packet capture.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21927&rss


*** Hintergrund: Open Bug Bounty: Sicherheitslücken gegen Prämie ***
---------------------------------------------
heise Security machte nicht ganz freiwillig Bekanntschaft mit einer bisher weitgehend unbekannten Plattform, auf der Hacker und andere Forscher Sicherheitslücken melden können.
---------------------------------------------
https://heise.de/-3593886


*** Ansible: Update soll kritischen Fehler in den 2.x-Versionen beheben ***
---------------------------------------------
Da die Schwachstelle als hohes Risiko eingestuft wird, haben die Macher Release Candidates der Versionen 2.1.4 und 2.2.1 veröffentlicht, die den Fehler beheben.
---------------------------------------------
https://heise.de/-3594254


*** Rent an IP, Own a Domain ***
---------------------------------------------
The other day I was on a mission to locate a contact of mine that lived nearby. I had an address, but no phone, or email address. So I got the GPS out, programmed in the address, and away I went. Arriving at the location, I turned into the driveway, and it was an apartment...
---------------------------------------------
https://blog.domaintools.com/2017/01/rent-an-ip-own-a-domain/


*** WordPress 4.7.1 Security and Maintenance Release ***
---------------------------------------------
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
---------------------------------------------
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/


*** Bugtraq: ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540011


*** Vuln: libgit2 badssl.c Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95354


*** Bugtraq: IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540003


*** Vuln: Zimbra CVE-2016-3403 Multiple Cross Site Request Forgery Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95383


*** NetIQ Privileged Account Manager 3.0.1 HF3 (3.0.1-3) ***
---------------------------------------------
Abstract: NetIQ Privileged Account Manager 3.0.1 Hot Fix 3 (3.0.1.3). The purpose of the patch is to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities. This release addresses does not contain new features.Document ID: 5267862Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:netiq-npam-packages-3.0.1-3.tar.gz (175.63 MB)Products:Privileged Account Manager 3.0.1Superceded Patches:NetIQ Privileged Account Manager 3.0.1 HF 1NetIQ Privileged
---------------------------------------------
https://download.novell.com/Download?buildid=Ciuap7psZuo~


*** DFN-CERT-2017-0054: ISC BIND: Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0054/


*** Vuln: SAP NetWeaver XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95373


*** Vuln: SAP ERP Defence Forces and Public Security Remote Authorization Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/95367


*** Juniper Security Advisories ***
---------------------------------------------
*** JSA10772 - 2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303) ***
http://kb.juniper.net/index?page=content&id=JSA10772&actp=RSS
---------------------------------------------
*** JSA10774 - 2017-01 Security Bulletin: Network and Security Manager (NSM): Multiple OpenSSH vulnerabilities affect NSM Appliance OS. ***
http://kb.juniper.net/index?page=content&id=JSA10774&actp=RSS
---------------------------------------------
*** JSA10773 - 2017-01 Security Bulletin: QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600: Etherleak memory disclosure in Ethernet padding data (CVE-2017-2304) ***
http://kb.juniper.net/index?page=content&id=JSA10773&actp=RSS
---------------------------------------------
*** JSA10771 - 2017-01 Security Bulletin: Junos: Denial of Service vulnerability in RPD (CVE-2017-2302) ***
http://kb.juniper.net/index?page=content&id=JSA10771&actp=RSS
---------------------------------------------
*** JSA10770 - 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16.1R1 release. ***
http://kb.juniper.net/index?page=content&id=JSA10770&actp=RSS
---------------------------------------------
*** JSA10769 - 2017-01 Security Bulletin: Junos: Denial of service vulnerability in jdhcpd due to crafted DHCPv6 packets (CVE-2017-2301) ***
http://kb.juniper.net/index?page=content&id=JSA10769&actp=RSS
---------------------------------------------
*** JSA10768 - 2017-01 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted multicast packets (CVE-2017-2300) ***
http://kb.juniper.net/index?page=content&id=JSA10768&actp=RSS
---------------------------------------------


*** IBM Security Bulletin ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) IBM Java SDK updates October 2016 ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995972
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Netezza Analytics ***
http://www-01.ibm.com/support/docview.wss?uid=swg21995049
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management is affected by a vulnerability (CVE-2016-5953) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994521
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LMS 6.0 on Cloud ***
http://www.ibm.com/support/docview.wss?uid=swg21992072
---------------------------------------------