[CERT-daily] Tageszusammenfassung - Mittwoch 15-03-2017
Daily end-of-shift report
team at cert.at
Wed Mar 15 18:36:42 CET 2017
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 14-03-2017 18:00 − Mittwoch 15-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Sicherheitsupdates: Microsoft veranstaltet zwei Patchdays an einem Tag ***
---------------------------------------------
Im März holt Microsoft den aus unbekannten Gründen verschobenen Patchday aus dem Februar nach, stellt zudem die Patches für den aktuellen Monat bereit und schließt insgesamt 140 Sicherheitslücken.
---------------------------------------------
https://heise.de/-3653806
*** March 2017 security update release ***
---------------------------------------------
Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found on the Security Update Guide. Security bulletins were also published this month to give customers extra time to ensure they are...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/03/14/march-2017-security-update-release/
*** Propaganda auf Twitter ***
---------------------------------------------
Der echte Groundhog Day ist noch nicht lange her, und manchmal kommt es einem so vor, als wäre im Internet jeden Tag "Groundhog Day": manche Sachen wiederholen sich einfach viel zu oft.Aktuell geht es um missbrauchte Twitter-Accounts. Das hatte wir schon im November: twittercounter.com hatte ein Problem, und schon werden Tweets unter falschem Namen verteilt. Das gleiche ist gerade wieder passiert...
---------------------------------------------
http://www.cert.at/services/blog/20170315114231-1952.html
*** Patchday: Adobe umsorgt Flash und Shockwave Player ***
---------------------------------------------
Wie gewohnt flickt Adobe den Flash Player - darüber hinaus bekommt diesen Monat auch der Shockwave Player ein Sicherheitsupdate serviert.
---------------------------------------------
https://heise.de/-3653924
*** Citrix XenServer Multiple Security Updates ***
---------------------------------------------
Two security issues have been identified within Citrix XenServer. These issues could, if exploited, allow the administrator ...
---------------------------------------------
https://support.citrix.com/article/CTX220771
*** VMware Workstation and Fusion Memory Access Error in Drag and Drop Function Lets Local Users on a Guest System Gain Elevated Privileges on the Host System ***
---------------------------------------------
http://www.securitytracker.com/id/1038025
*** DNSSEC-Schlüsseltausch 2017: ICANN setzt Testseite für Resolver auf ***
---------------------------------------------
Sollte es Angreifern gelingen, einen DNSSEC-Schlüssel zu knacken, können sie glaubwürdig aussehende, aber falsche DNS-Replys verbreiten. Deshalb müssen Schlüssel ab und zu gewechselt werden. Bei der Root-Zone ist das eine heikle Sache.
---------------------------------------------
https://www.heise.de/newsticker/meldung/DNSSEC-Schluesseltausch-2017-ICANN-setzt-Testseite-fuer-Resolver-auf-3653644.html
*** Petya ransomware returns, wrapped in extra VX nastiness ***
---------------------------------------------
PetrWrap tries to blame its predecessor for attacks Researchers have spotted a variant of last years Petya ransomware, now with updated crypto and ransomware models.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/15/petya_returns_wrapped_in_extra_vx_nastiness/
*** Gefälschte Rechnung auf dropboxusercontent.com ***
---------------------------------------------
In einer E-Mail mit dem Betreff "Zahlungsdetails" erhalten Internet-Nutzer/innen angeblich eine Rechnung. Sie steht unter dem Link "dl.dropboxusercontent.com/" als ZIP-Datei zum Download bereit. In Wahrheit handelt es sich bei dem Dokument um Schadsoftware. Aus diesem Grund dürfen Empfänger/innen die angebliche Rechnung nicht öffnen.
---------------------------------------------
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-rechnung-auf-dropboxusercontentcom/
*** Konsumentenschützer wollen Update-Verpflichtung ***
---------------------------------------------
Verbraucherorganisationen aus aller Welt fordern die 20 führenden Industrie- und Schwellenländer (G20) zum grenzüberschreitenden Schutz der Konsumenten im Internet auf.
---------------------------------------------
https://futurezone.at/digital-life/konsumentenschuetzer-wollen-update-verpflichtung/252.068.954
*** Schwere Sicherheitslücke in den Web-Oberflächen von WhatsApp und Telegram geschlossen ***
---------------------------------------------
Eine Lücke bei WhatsApp Web und Telegram Web erlaubt es Angreifern, die Web-Sessions der Messenger zu kapern. Auf diesem Wege können sie Nachrichten mitlesen, Adressbücher kopieren und Schadcode an Kontakte verschicken.
---------------------------------------------
https://heise.de/-3653793
*** Where Have All The Exploit Kits Gone? ***
---------------------------------------------
For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what's replaced them?
---------------------------------------------
http://threatpost.com/where-have-all-the-exploit-kits-gone/124241/
*** Vorsicht Fake: Betrüger locken mit Emulator für Nintendos Switch ***
---------------------------------------------
Derzeit kursiert im Internet eine Anwendung, die Spiele von Nintendos aktueller Konsole Switch auf PCs emulieren können soll: Die "Entwickler" hinter dem vermeintlichen Emulator verfolgen aber ein ganz anderes Ziel.
---------------------------------------------
https://heise.de/-3654299
*** PowerShell Remoting Artifacts: An Introduction ***
---------------------------------------------
Since PowerShell usage by malware is on the rise, in this article series, we will learn about the various artifacts related to PowerShell remoting that can be very beneficial during the investigation and during building stories around Attack Chain.
---------------------------------------------
http://resources.infosecinstitute.com/powershell-remoting-artifacts-part-1/
*** Gaps in NIS standardisation: Mapping the requirements of the NIS Directive to specific standards ***
---------------------------------------------
ENISA publishes a report on European standardisation within the context of the NIS Directive.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/gaps-in-nis-standardisation-mapping-the-requirements-of-the-nis-directive-to-specific-standards
*** VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials ***
---------------------------------------------
Vulnerability Note VU#553503 D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
---------------------------------------------
http://www.kb.cert.org/vuls/id/553503
*** An Introduction to Penetration Testing Node.js Applications ***
---------------------------------------------
In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues.
---------------------------------------------
http://resources.infosecinstitute.com/penetration-testing-node-js-applications-part-1/
*** SAP pushes to patch risky HANA security flaws before hackers strike ***
---------------------------------------------
Europes top software maker SAP said on Tuesday it had patched vulnerabilities in its latest HANA software that had a potentially high risk of giving hackers control over databases and business applications used to run big multinational firms.
---------------------------------------------
http://www.reuters.com/article/us-cyber-sap-idUSKBN16L1FH
*** JSON Libraries Patched Against Invalid Curve Crypto Attack ***
---------------------------------------------
JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key.
---------------------------------------------
http://threatpost.com/json-libraries-patched-against-invalid-curve-crypto-attack/124336/
*** Security Advisory - DoS Vulnerability in Vibrator Service of Huawei Smart Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170315-01-smartphone-en
*** Vuln: SAP NetWeaver Visual Composer Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96865
*** JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates ***
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759&actp=RSS
*** Vuln: SAP ERP Remote Authorization Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96871
*** Vuln: Trend Micro InterScan Messaging Security CVE-2017-6398 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/96859
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM Algo One ARA reports can be accessed by another user ***
http://www.ibm.com/support/docview.wss?uid=swg21999754
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Java SDK that affect IBM Security Directory Suite (CVE-2016-5597) October 2016 CPU ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994296
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010008
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010007
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010009
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1010010
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology ***
http://www.ibm.com/support/docview.wss?uid=swg21999965
---------------------------------------------
*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800
---------------------------------------------
*** Cisco Web Security Appliance URL Filtering Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa
---------------------------------------------
*** Cisco WebEx Meetings Server XML External Entity Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wms
---------------------------------------------
*** Cisco Meshed Wireless LAN Controller Impersonation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh
---------------------------------------------
*** Cisco WebEx Meetings Server Authentication Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-webex
---------------------------------------------
*** Cisco UCS Director Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs
---------------------------------------------
*** Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2
---------------------------------------------
*** Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1
---------------------------------------------
*** Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm
---------------------------------------------
*** Cisco TelePresence Server API Privilege Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tps
---------------------------------------------
*** Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes
---------------------------------------------
*** Cisco Prime Service Catalog Multiple Cross-Site Scripting Vulnerabilities ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-psc
---------------------------------------------
*** Cisco Nexus 9000 Series Switches Remote Login Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss1
---------------------------------------------
*** Cisco Nexus 9000 Series Switches Telnet Login Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss
---------------------------------------------
*** Cisco Prime Optical for Service Providers RADIUS Secret Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpo
---------------------------------------------
*** Cisco Prime Infrastructure API Credentials Management Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpi
---------------------------------------------
*** Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cns
---------------------------------------------
*** Cisco StarOS SSH Privilege Escalation Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr
---------------------------------------------
*** Cisco Adaptive Security Appliance BGP Bidirectional Forwarding Detection ACL Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asa
---------------------------------------------
More information about the Daily
mailing list