[CERT-daily] Daily summary - Thursday 26-01-2017

Daily end-of-shift report team at cert.at
Thu Jan 26 18:16:28 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 25-01-2017 18:00 - Thursday 26-01-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** VirLocker's comeback; including recovery instructions ***
---------------------------------------------
Virlocker is back; the nightmare is still real. But we have found a way to at least recover your important files, even if the affected machine can be considered a loss.
---------------------------------------------
https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-including-recovery-instructions/




*** Cisco WebEx code execution hole - what you need to know ***
---------------------------------------------
Google's Project Zero found a serious hole in Cisco's WebEx browser extension that is nearly, but not yet fully, fixed. Here's what to do.
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/XBY4vnKgI4U/




*** Powerful Android RAT impersonates Netflix app ***
---------------------------------------------
Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. The latest example of this is the fake Netflix app spotted by Zscaler researchers. The fake app looks genuine at first glance, as it uses the same icon as the legitimate Netflix app. But once it is installed on a smartphone or tablet and the victim taps on it, it vanishes from...
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/android-rat-netflix-app/




*** Android VPN Apps Caught Intercepting Traffic, Failing to Encrypt ***
---------------------------------------------
New research released this week reveals that a large chunk of today's Android VPN clients are a serious security and privacy risk, with some clients failing to encrypt traffic and some even injecting ads into the customer's browsing experience. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-vpn-apps-caught-intercepting-traffic-failing-to-encrypt/




*** Shamoon disk-wiping attackers can now destroy virtual desktops, too ***
---------------------------------------------
Mystery malware begins targeting a key disk-wiping defense.
---------------------------------------------
https://arstechnica.com/security/2017/01/shamoon-disk-wiping-malware-can-now-destroy-virtual-desktops-too/




*** Analysis of new Shamoon infections ***
---------------------------------------------
All of the initial analysis pointed to Shamoon emerging in the Middle East. This, however, was not the end of the story, since the campaign continues to target organizations in the Middle East across a variety of verticals. Indeed, reports suggested that a further 15 Shamoon incidents had been reported across the public and private sectors.
---------------------------------------------
https://www.helpnetsecurity.com/2017/01/26/shamoon-infections/




*** Fake A1 phishing mail: New messaging platform ***
---------------------------------------------
Criminals are sending a fake A1 online message. It carries the subject "Action required: New messaging platform" and asks recipients to enter their login credentials on a website.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschte-a1-phishingmail-neue-messaging-plattform/




*** OpenSSL Security Advisory [26 Jan 2017] ***
---------------------------------------------
Truncated packet could crash via OOB read (CVE-2017-3731)
Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
Montgomery multiplication may produce incorrect results (CVE-2016-7055)
Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
---------------------------------------------
https://www.openssl.org/news/secadv/20170126.txt




*** DFN-CERT-2017-0154: Red Hat JBoss Core Services: Multiple vulnerabilities allow, among other things, execution of arbitrary code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0154/




*** IETF IPv6 Protocol CVE-2016-10142 Denial of Service Vulnerability ***
---------------------------------------------
CVE-2016-10142 kernel - IPV6 fragmentation flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1415908
---------------------------------------------
Generation of IPv6 Atomic Fragments Considered Harmful
https://tools.ietf.org/html/rfc8021
---------------------------------------------
http://www.securityfocus.com/bid/95797/




*** Security Advisory: TMM vulnerability CVE-2016-9249 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71282001.html?ref=rss




*** Bugtraq: ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540050




*** Vuln: Multiple TIBCO Products CVE-2017-3180 Multiple Unspecified Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95699




*** Vuln: Autodesk FBX-SDK CVE-2016-9307 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95802


*** Vuln: Autodesk FBX-SDK CVE-2016-9304 Multiple Buffer Overflow Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/95799




*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple IBM Websphere Application Server (WAS) vulnerabilities (CVE-2016-3092, CVE-2016-5986, CVE-2016-5983 ) ***
---------------------------------------------
Multiple vulnerabilities have been identified in the IBM Websphere Application Server (WAS) that is embedded in IBM FSM. This update addresses these issues.
CVE(s): CVE-2016-3092, CVE-2016-5986, CVE-2016-5983
Affected product(s) and affected version(s): Flex System Manager 1.3.4.0, Flex System Manager 1.3.3.0, Flex System Manager 1.3.2.1, Flex System Manager 1.3.2.0
Refer to the following reference URLs for...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024555




*** IBM Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities ***
---------------------------------------------
IBM Forms Experience Builder could be susceptible to a denial of service, caused by an error in the Apache POI libraries.
CVE(s): CVE-2014-3574, CVE-2014-3529, CVE-2016-5000
Affected product(s) and affected version(s): IBM Forms Experience Builder 8.5, IBM Forms Experience Builder 8.5.1, IBM Forms Experience Builder 8.6
Refer to the following reference URLs for remediation and...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21997296




*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ***
---------------------------------------------
There are multiple vulnerabilities in IBM Runtime Environment Java Versions 1.5 and 1.7, which are used by FSM. These issues were disclosed as part of the IBM Java SDK updates in January and April 2016. This bulletin addresses these vulnerabilities.
CVE(s): CVE-2015-7575, CVE-2016-0448, CVE-2016-0475, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-0264, CVE-2016-3426
Affected product(s) and affected version(s): Flex...
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024558