[CERT-daily] Daily summary - Wednesday 25-01-2017

Daily end-of-shift report team at cert.at
Wed Jan 25 18:18:15 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 24-01-2017 18:00 − Wednesday 25-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Critical security vulnerability in the Shopware web shop software ***
---------------------------------------------
The software from Schöppingen, popular above all in Germany, has a vulnerability through which attackers can execute arbitrary malicious code.
---------------------------------------------
https://heise.de/-3606627




*** VB2016 paper: Great crypto failures ***
---------------------------------------------
Crypto is hard, and malware authors often make mistakes. At VB2016, Check Point researchers Yaniv Balmas and Ben Herzog discussed the whys and hows of some of the crypto blunders made by malware authors. Today, we publish their paper and the recording of their presentation.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/01/vb2016-paper-great-crypto-failures/




*** Call for Papers: VB2017 ***
---------------------------------------------
We have opened the Call for Papers for VB2017. We are particularly interested in receiving submissions from those working outside the security industry itself.
---------------------------------------------
https://www.virusbulletin.com:443/blog/2017/01/call-papers-vb2017/




*** Malicious SVG Files in the Wild, (Tue, Jan 24th) ***
---------------------------------------------
In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people [1]. SVG files (or Scalable Vector Graphics) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system, SVG files are handled by Internet Explorer by default. From a file format point...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21971&rss




*** Security patch: Western Digital My Cloud Mirror susceptible to malicious code ***
---------------------------------------------
Owners of the network storage device should, for security reasons, verify that they have the current firmware installed.
---------------------------------------------
https://heise.de/-3606909




*** Trojan Transforms Linux Devices into Proxies for Malicious Traffic ***
---------------------------------------------
Security researchers have uncovered a new trojan that targets Linux devices and is capable of transforming infected machines into proxy servers and relaying malicious traffic, hiding the true origin of attacks or other nefarious activities. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trojan-transforms-linux-devices-into-proxies-for-malicious-traffic/




*** Capturing Pattern-Lock Authentication ***
---------------------------------------------
Interesting research -- "Cracking Android Pattern Lock in Five Attempts": Abstract: Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. In this paper, we demonstrate a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer...
---------------------------------------------
https://www.schneier.com/blog/archives/2017/01/capturing_patte.html




*** Maintenance work Tuesday, 31. 1. 2017 ***
---------------------------------------------
http://www.cert.at/services/blog/20170125134029-1890.html




*** Detecting threat actors in recent German industrial attacks with Windows Defender ATP ***
---------------------------------------------
When a Germany-based industrial conglomerate disclosed in December 2016 that it was breached early that year, the breach was revealed to be a professionally run industrial espionage attack. According to the German press, the intruders used the Winnti family of malware as their main implant, giving them persistent access to the conglomerate's network as early...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/




*** Vulnerability in Samsung phones: endless boot loop via killer SMS ***
---------------------------------------------
Samsung has patched a vulnerability in older devices that can be abused to put them into a boot loop and that probably also gives attackers the ability to execute malicious code. Devices from other manufacturers are likely still vulnerable.
---------------------------------------------
https://heise.de/-3607266




*** DFN-CERT-2017-0142: Mozilla Firefox, Firefox ESR, Tor Browser: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0142/




*** IDM 4.5 SAP User Driver Version 4.0.1.0 ***
---------------------------------------------
Abstract: Patch update for the NetIQ Identity Manager SAP User Manager driver with the SAP JCO version 3. This patch will take the driver version to 4.0.1.0. You must have IDM 4.5 or later to use this driver. You should only use this patch if you are using SAP JCO3. It will not work with SAP JCO2. NetIQ recommends that users of SAP JCO2 transition to SAP JCO3 and use the IDM SAP User Manager driver for JCO3. Future versions of IDM do not support SAP JCO2. Document ID: 5269090. Security Alert:...
---------------------------------------------
https://download.novell.com/Download?buildid=juq3iF7EF5o~




*** Citrix Provisioning Services Multiple Security Updates ***
---------------------------------------------
https://support.citrix.com/article/CTX219580


*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
https://support.citrix.com/article/CTX220112




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Security Vulnerability affecting FileNet Content Manager and IBM Content Foundation (CVE-2013-5462) ***
http://www.ibm.com/support/docview.wss?uid=swg21994241
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector for SAP Applications (CVE-2016-5597) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996483
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Enterprise Content Management System Monitor ***
http://www-01.ibm.com/support/docview.wss?uid=swg21997196
---------------------------------------------




*** Huawei Security Advisories ***
---------------------------------------------
*** Security Advisory - Authentication Bypass Vulnerability in the Find Phone Function of some Huawei Smart Phones ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-smartphone-en
---------------------------------------------
*** Security Advisory - Two Security Vulnerabilities in Huawei EMUI ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-emui-en
---------------------------------------------
*** Security Advisory - Improper Permission Control Vulnerability in Huawei Vmall Alert Service ***
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170125-01-vmall-en
---------------------------------------------




*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas
---------------------------------------------
*** Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence
---------------------------------------------
*** Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway
---------------------------------------------
*** Cisco WebEx Browser Extension Remote Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
---------------------------------------------




*** HP Security Bulletins ***
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information ***
http://www.securityfocus.com/archive/1/540044
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access ***
http://www.securityfocus.com/archive/1/540048
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) ***
http://www.securityfocus.com/archive/1/540047
---------------------------------------------
*** Bugtraq: [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities ***
http://www.securityfocus.com/archive/1/540046
---------------------------------------------

