[CERT-daily] Tageszusammenfassung - Donnerstag 9-03-2017

Thu Mar 9 18:12:52 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 08-03-2017 18:00 − Donnerstag 09-03-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Jetzt patchen! Apache Struts 2 im Visier von Hackern ***
---------------------------------------------
Derzeit nutzen Angreifer gehäuft eine kritische Sicherheitslücke in dem Framework aus und versuchen so Web-Server zu übernehmen. Neue Versionen und Workarounds schaffen Abhilfe.
---------------------------------------------
https://heise.de/-3648065


*** Uncovering cross-process injection with Windows Defender ATP ***
---------------------------------------------
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-process-injection-with-windows-defender-atp/


*** #APF17: Call for Papers ***
---------------------------------------------
ENISA's Annual Privacy Forum (APF) is to be held in Vienna on the 7th and 8th June 2017, in collaboration with the Law Faculty of the University of Vienna.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/apf17-call-for-papers


*** 185.000 unsichere Webcams könnten Hackern private Einblicke gewähren ***
---------------------------------------------
Ein Sicherheitsforscher stieß auf kritische Sicherheitslücken in einer chinesischen Webcam. Das Problem ist, viele Hersteller setzen auf die verwendete Software und verkaufen angreifbare Kameras unter ihrer Marke.
---------------------------------------------
https://heise.de/-3648458


*** Emsisoft Releases a Decryptor for the CryptON Ransomware ***
---------------------------------------------
Yesterday, Emsisofts CTO and malware researcher Fabian Wosar? released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-crypton-ransomware/


*** SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro Deep Discovery Email Inspector 2.5.1 ***
---------------------------------------------
Trend Micro has released a Critical Patch for Deep Discovery Email Inspector (DDEI) 2.5.1. This Critical Patch resolves multiple vulnerabilities related to the user interface (UI) and authentication.
---------------------------------------------
https://success.trendmicro.com/solution/1116750


*** Security Notice - Statement on Security Researcher Revealing XSS Security Vulnerability in Huawei HG658 V2 on Packet Storm Website ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170308-01-hg658-en


*** VU#305448: D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability ***
---------------------------------------------
D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected.
---------------------------------------------
http://www.kb.cert.org/vuls/id/305448


*** Bugtraq: [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540239


*** Bugtraq: [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540241


*** Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2016-029Project: Services (third-party module)Version: 7.xDate: 2017-March-08Security risk: 21/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Arbitrary PHP code executionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module accepts user submitted data in PHPs serialization format ("Content-Type: application/vnd.php.serialized")
---------------------------------------------
https://www.drupal.org/node/2858847


*** PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2017-030Project: Password Reset Landing Page (PRLP) (third-party module)Version: 8.xDate: 2017-March-08Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Privilege escalationDescriptionThis module adds a form on the password-reset-landing page to allow changing the password of the user during the log in process.The module does not sufficiently validate all access tokens, which allows an attacker to...
---------------------------------------------
https://www.drupal.org/node/2858880


*** Vuln: Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability ***
--------------------------------------------
http://www.securityfocus.com/bid/96731


*** Vuln: Apache NiFi CVE-2017-5635 Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96730


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities affect Rational Rhapsody Design Manager with potential for security attacks ***
http://www.ibm.com/support/docview.wss?uid=swg21999960
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998463
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436) ***
http://www.ibm.com/support/docview.wss?uid=swg21999781
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996748
---------------------------------------------