[CERT-daily] Tageszusammenfassung - Mittwoch 17-05-2017

Daily end-of-shift report team at cert.at
Wed May 17 18:13:22 CEST 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 16-05-2017 18:00 − Mittwoch 17-05-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Jetzt patchen: Gerfährliche Sicherheitslücke in Joomla ***
---------------------------------------------
Das Joomla-Team schließt mit Version 3.7.1 eine SQL-Injection-Lücke, die fatale Folgen haben kann. Joomla-Admins sollten zügig reagieren.
---------------------------------------------
https://heise.de/-3716175




*** WordPress-Update 4.7.5 schließt sechs Sicherheitslücken ***
---------------------------------------------
Zwar werden keine der Lücken als kritisch eingestuft, Admins sollten sich aber trotzdem um die XSS- und CSRF-Lücken kümmern.
---------------------------------------------
https://heise.de/-3716055




*** Extending Microsoft Edge Bounty Program ***
---------------------------------------------
Over the past 10 months, we've paid out more than $200,000 USD in bounties to researchers reporting vulnerabilities through the Microsoft Edge Bounty Program. Partnering with the research community has helped improve Microsoft Edge security, and to continue this collaboration, today we're extending the end date of the Edge on Windows Insider Preview (WIP) bounty...
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edge-bounty-program/




*** BSI veröffentlicht Mindeststandard für Mobile Device Management ***
---------------------------------------------
Der Mindeststandard definiert in 40 technischen und organisatorischen Regeln die Anforderungen an MDM-Systeme des Bundes sowie deren Betrieb. Er definiert, welche Richtlinien ein System umsetzen können muss, lässt aber Spielraum bei deren Ausgestaltung.
---------------------------------------------
https://heise.de/-3715500




*** Basic Best Practices for Securing LDAP and Active Directory with Red Hat ***
---------------------------------------------
In the enterprise, its very popular to manage Windows client PCs through Red Hat servers. This sort of configuration is especially common in healthcare and the financial services industries. Red Hat Enterprise Linux (RHEL) has good software for working with Windows Active Directory. Red Hat Enterprise Linux can also manage clients with multiple platforms, such as Windows, OS X, Android, and other Linux distributions with OpenLDAP, an opensource implementation of the Lightweight Directory Access [...]
---------------------------------------------
https://www.alienvault.com/blogs/security-essentials/basic-best-practices-for-securing-ldap-and-active-directory-with-red-hat




*** Gefälschtes easybank-Schreiben: Konto gesperrt ***
---------------------------------------------
Kriminelle versenden eine gefälschte easybank-Nachricht. Darin heißt es, dass Unbekannte auf das Konto zugegriffen haben. Deshalb sollen Kund/innen eine Website aufrufen, persönliche Bankdaten bekannt geben und ihr Konto bestätigen. Wer die verlangten Informationen Preis gibt, übermittelt sie an Verbrecher/innen.
---------------------------------------------
https://www.watchlist-internet.at/phishing/gefaelschtes-easybank-schreiben-konto-gesperrt/




*** Why Phishing Attacks Succeed ***
---------------------------------------------
The first time I received a "secure" email message from my bank, I was a bit suspicious of what I was actually seeing. It looked too much like a phishing attempt for my comfort. The message in my inbox was from my banker's email address, not from Chase 1 directly. It also included an attached HTML page and instructions to "open the attached page in an browser for instructions on how to proceed."
---------------------------------------------
https://ttmm.io/tech/why-phishing-attacks-succeed/




*** How Big Fuzzing helps find holes in open source projects ***
---------------------------------------------
Googles beta project, OSS-Fuzz, has found 264 vulnerabilities in 47 open-source projects - so is it an idea whose time has come?
---------------------------------------------
https://nakedsecurity.sophos.com/2017/05/17/how-big-fuzzing-helps-find-holes-in-open-source-projects/




*** Security Advisory - DoS Vulnerability in Some Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170517-01-ac-en




*** SSB-412479 (Last Update 2017-05-16): Customer Information on WannaCry Malware for Siemens Healthineers Imaging and Diagnostics Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-421479.pdf




*** Indicators Associated With WannaCry Ransomware (Update A) ***
---------------------------------------------
This updated alert is a follow-up to the original alert titled ICS-ALERT-17-135-01 Indicators Associated With WannaCry Ransomware that was published May 15, 2017, on the NCCIC/ICS-CERT web site.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01A




*** FortiOS stored XSS vulnerability in the policy global-label parameter ***
---------------------------------------------
FortiOS is subject to a Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named global-label . This can however only be exploited by an administrator with write privileges.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-057




*** NTP vulnerability CVE-2017-6463 ***
---------------------------------------------
NTP vulnerability CVE-2017-6463. Security Advisory. Security Advisory Description. NTP before 4.2.8p10 and 4.3.x before ...
---------------------------------------------
https://support.f5.com/csp/article/K02951273




*** Linux kernel vulnerability CVE-2017-8106 ***
---------------------------------------------
Linux kernel vulnerability CVE-2017-8106. Security Advisory. Security Advisory Description. The handle_invept function ...
---------------------------------------------
https://support.f5.com/csp/article/K34886212




*** Schneider Electric VAMPSET ***
---------------------------------------------
This advisory contains mitigation details for a memory corruption vulnerability in Schneider Electric's VAMPSET.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-136-04




*** Detcon SiteWatch Gateway ***
---------------------------------------------
This advisory contains mitigation details for authentication bypass and plaintext storage of a password vulnerabilities in Detcon's SiteWatch Gateway.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01




*** Hanwha Techwin SRN-4000 ***
---------------------------------------------
This advisory contains mitigation details for an unauthenticated access vulnerability in Hanwha Techwin's SRN-4000.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-136-03




*** Schneider Electric SoMachine HVAC ***
---------------------------------------------
This advisory contains mitigation details for buffer overflow and DLL hijack vulnerabilities in Schneider Electric's SoMachine HVAC.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-136-02




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999513
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM Algo One  Algo Risk Application and Core (CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg22000818
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003157
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring ***
http://www.ibm.com/support/docview.wss?uid=swg22002865
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer and WebSphere Integration Developer ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002555
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One  Core (CVE-2016-8745) ***
http://www.ibm.com/support/docview.wss?uid=swg22001932
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Protection (CVE-2015-8325) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999248
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003304
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003305
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001907
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Protection (CVE-2016-8610, and CVE-2017-3731) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999162
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999246
---------------------------------------------


More information about the Daily mailing list