[CERT-daily] Tageszusammenfassung - Dienstag 7-03-2017

Tue Mar 7 18:15:06 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 06-03-2017 18:00 − Dienstag 07-03-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Sicherheitsupdate härtet WordPress gegen XSS-Angriffe ***
---------------------------------------------
Wer das CMS WordPress nutzt sollte sicherstellen, dass die aktuelle Version 4.7.3 installiert ist. Ansonsten könnten Angreifer Sicherheitslücken in vorigen Versionen ausnutzen.
---------------------------------------------
https://heise.de/-3645684


*** River City Media: Spammer vergessen 1,4 Milliarden Mailadressen im Netz ***
---------------------------------------------
Ein Backup-Fehler dürfte das Aus für ein großes Spamnetzwerk aus den USA bedeuten. River City Media verdiente Geld mit Spam-Nachrichten, SMS-Kampagnen und Affiliate-Marketing - inklusive gefälschter Suchmaschinen.
---------------------------------------------
https://www.golem.de/news/river-city-media-spammer-vergessen-1-4-milliarden-mailadressen-im-netz-1703-126566-rss.html


*** SAP Security for Beginners part 7: SAP ABAP Platform Security ***
---------------------------------------------
>From the previous articles of SAP Security for CISO series (especially SAP Risks), you reviewed many examples of potential attacks on these systems. Now it is time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems. First, let's look at patching process in SAP. When the vendor fixes vulnerabilities in...
---------------------------------------------
http://resources.infosecinstitute.com/sap-security-beginners-part-7-sap-abap-platform-security/


*** TU Wien-Team auf drittem Platz bei internationalem Hacker-Wettbewerb ***
---------------------------------------------
International Capture The Flag-Bewerb mit Internet-Sicherheits-Teams von 78 Universitäten
---------------------------------------------
http://derstandard.at/2000053747853


*** A tcpdump Tutorial and Primer with Examples ***
---------------------------------------------
Mar 6, 2017 - I just performed a major update to this tutorial after over 10 years. The update includes a fully functional table of contents and a number of additional explanations. Enjoy!
---------------------------------------------
https://danielmiessler.com/study/tcpdump/


*** WikiLeaks Releases CIA Hacking Tools ***
---------------------------------------------
WikiLeaks just released a cache of 8,761 classified CIA documents from 2012 to 2016, including details of its offensive Internet operations.I have not read through any of them yet. If you see something interesting, tell us in the comments.
---------------------------------------------
https://www.schneier.com/blog/archives/2017/03/wikileaks_relea.html


*** DFN-CERT-2017-0394: Google Android Operating System: Mehrere Schwachstellen ermöglichen u.a. die komplette Systemübernahme ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0394/


*** WordPress Multiple Plugins - Remote File Upload ***
---------------------------------------------
Topic: WordPress Multiple Plugins - Remote File Upload Risk: High Text:Id like to report multiple remote file upload vulnerabilities on five plugins, attached is the PoC exploit and screenshot ; It...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017030065


*** [2017-03-07] Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud ***
---------------------------------------------
Multiple critical vulnerabilities, such as unauthenticated OS command injection or arbitrary file upload, within the WD My Cloud devices allow an attacker to gain access on the device.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170307-0_WD_MyCloud_OS_cmd_injection_file_upload_v10.txt


*** Sicherheitsupdate für Symantec Endpoint Protection ***
---------------------------------------------
Symantec Endpoint Protection ist ein Softwarepaket zum Schutz vor Viren und Malware.In Symantec Endpoint Protection 12.1 existiert eine Sicherheitslücke, die es einem Angreifer mit Zugriff auf Ihren Computer unter bestimmten Umständen ermöglicht, diesen zu übernehmen und massiv zu schädigen. Eine weitere Sicherheitslücke in Symantec Endpoint Protection 12.1 und 14.0 ermöglicht es dem Angreifer, beliebige Befehle auf Ihrem Computer auszuführen.
---------------------------------------------
https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_tw-t17-0022.html


*** VU#355151: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities Original Release date: 07 Mar 2017 | Last revised: 07 Mar 2017   Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues.  Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...
---------------------------------------------
http://www.kb.cert.org/vuls/id/355151


*** Security Advisory: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23022557.html?ref=rss


*** Vuln: WePresent WiPG-1500 Device CVE-2017-6351 Hardcoded Password Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96588


*** Vuln: TeX Live CVE-2016-10243 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96593


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Information Disclosure vulnerability affects IBM DB2 LUW (CVE-2017-1150) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999515
---------------------------------------------
*** IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-9131, CVE-2016-9444, CVE-2016-9147, CVE-2016-9778 and CVE-2017-3135) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021889
---------------------------------------------
*** IBM Security Bulletin: Multiple cross-site scripting vulnerabilities found in IBM UrbanCode Deploy (CVE-2016-9006) ***
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000264
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999723
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999671
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Websphere Application Server affects IBM Cognos Metrics Manager (CVE-2016-5983) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999722
---------------------------------------------
*** IBM Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933) ***
http://www.ibm.com/support/docview.wss?uid=swg21997223
---------------------------------------------