End-of-Shift report
Timeframe: Wednesday 12-10-2016 18:00 - Thursday 13-10-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Fake Ministry of Finance phishing e-mail in circulation
A supposed notification from the Bundesministerium für Finanzen (Federal Ministry of Finance) is turning up in e-mail inboxes. The letter claims that the BMF is refunding recipients an overpayment of 716.43 euros and that, to receive it, they must fill in a "tax form" attached to the e-mail. It is a phishing attempt by criminals.
https://www.watchlist-internet.at/phishing/gefaelschte-finanzministerium-phishingmail-im-umlauf/
Congratulations to our milCERT
Yesterday was Microsoft's monthly patch day, and among the bugs that allow remote code execution the following entry appears in the 2016 acknowledgments: MS16-121 Microsoft Office Memory Corruption Vulnerability, CVE-2016-7193, credited to the Austrian MilCERT. We congratulate our colleagues from the Stiftskaserne on the find and expect to hear the details soon over a beer or two. Author: Otmar Lendl
http://www.cert.at/services/blog/20161012185042-1798.html
Everyone Loves Selfies, Including Malware!
I was talking with some of my coworkers the other day about why I wanted to jump to the larger iPhone 7 Plus. For me it came down to the camera. I travel a lot for work and even though photography is something of a hobby of mine, I don't always have my "good camera"...
https://blogs.mcafee.com/consumer/everyone-loves-selfies-including-malware/
A Look at the BIND Vulnerability: CVE-2016-2776
On September 27, the Internet Systems Consortium (ISC) announced the release of patches for a critical vulnerability that would allow attackers to launch denial-of-service (DoS) attacks using the Berkeley Internet Name Domain (BIND) exploits. The critical error was discovered during internal testing by the ISC. BIND is a very popular open-source software component that implements DNS protocols. It is also known as the de facto standard for Linux and other Unix-based systems, which means a...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/78QqkPE96mw/
WSF attachments are the latest malware delivery vehicle
Most users have by now learned not to open executable (.EXE), various MS Office, RTF and PDF files delivered via unsolicited emails, but malware peddlers are always trying out new ways to trick users, email filters and AV software. According to Symantec, Windows Script Files (WSFs) are the latest file types to be exploited to deliver malware via email.
[Figure in the original article: Number of blocked emails containing malicious WSF attachments by month]
https://www.helpnetsecurity.com/2016/10/13/wsf-attachments-malware-delivery/
CryPy: ransomware behind Israeli lines
A Tweet posted recently by AVG researcher, Jakub Kroustek, suggested that a new ransomware, written entirely in Python, had been found in the wild, joining the emerging trend for Pysomwares such as the latest HolyCrypt, Fs0ciety Locker and others.
http://securelist.com/blog/research/76318/crypy-ransomware-behind-israeli-lines/
IoT Devices as Proxies for Cybercrime
Multiple stories published here over the past few weeks have examined the disruptive power of hacked "Internet of Things" (IoT) devices such as routers, IP cameras and digital video recorders. This post looks at how crooks are using hacked IoT devices as proxies to hide their true location online as they engage in a variety of other types of cybercriminal activity -- from frequenting underground forums to credit card and tax refund fraud.
https://krebsonsecurity.com/2016/10/iot-devices-as-proxies-for-cybercrime/
6,000 online shops reportedly infected with credit card skimmers - and the number is rising
Online criminals are currently harvesting credit card data from online shop websites on an increasing scale, a security researcher reports.
https://heise.de/-3349185
What is MANRS and does your network have it?
While the internet itself was first envisioned as a way of enabling robust, fault-tolerant communication, the global routing infrastructure that underlies it is relatively fragile. A simple error like the misconfiguration of routing information in one of the 7,000 to 10,000 networks central to global routing can lead to a widespread outage, and deliberate actions, like preventing traffic with spoofed source IP addresses, can lead to distributed denial of service (DDoS) attacks.
http://www.cio.com/article/3130707/internet/what-is-manrs-and-does-your-network-have-it.html#tk.rss_security
Cisco Security Advisories
Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8
Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm
Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
Cisco Meeting Server Client Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc
Cisco Finesse Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin
Juniper Security Bulletins
JSA10763 - 2016-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Junos CLI (CVE-2016-4922)
http://kb.juniper.net/index/content&id=JSA10763&actp=RSS
JSA10766 - 2016-10 Security Bulletin: vMX: Information leak vulnerability (CVE-2016-4924)
http://kb.juniper.net/index/content&id=JSA10766&actp=RSS
JSA10767 - 2016-10 Security Bulletin: JUNOSe: Line Card Reset: processor exception 0x68616c74 (halt) task: scheduler, upon receipt of crafted IPv6 packet (CVE-2016-4925)
http://kb.juniper.net/index/content&id=JSA10767&actp=RSS
JSA10764 - 2016-10 Security Bulletin: Junos J-Web: Cross Site Scripting Vulnerability (CVE-2016-4923)
http://kb.juniper.net/index/content&id=JSA10764&actp=RSS
JSA10762 - 2016-10 Security Bulletin: Junos: IPv6 denial of service vulnerability due to resource exhaustion (CVE-2016-4921)
http://kb.juniper.net/index/content&id=JSA10762&actp=RSS
JSA10761 - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView
http://kb.juniper.net/index/content&id=JSA10761&actp=RSS
JSA10760 - 2016-10 Security Bulletin: Junos Space: Multiple vulnerabilities
http://kb.juniper.net/index/content&id=JSA10760&actp=RSS
JSA10759 - 2016-10 Security Bulletin: OpenSSL security updates
http://kb.juniper.net/index/content&id=JSA10759&actp=RSS
Security Advisory: PCRE vulnerability CVE-2016-3191
https://support.f5.com:443/kb/en-us/solutions/public/k/51/sol51440224.html?ref=rss
Brocade NetIron MLX Line Card IPSec Processing Bug Lets Remote Users Cause the Target Line Card to Reset
http://www.securitytracker.com/id/1037010
Fortinet FortiManager Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1036982
Fortinet FortiAnalyzer Input Validation Flaw in Advanced Settings Page Lets Remote Authenticated Administrative Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1036981
Palo Alto PAN-OS Range Header Null Pointer Dereference Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1037007
DFN-CERT-2016-1689: Ghostscript: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1689/
Vuln: SAP NetWeaver ABAP ST-PI Component SQL Injection Vulnerability
http://www.securityfocus.com/bid/93506
Vuln: SAP BusinessObjects Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/93508
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM BigFix Remote Control (CVE-2016-2183, CVE-2016-6304, CVE-2016-2177, CVE-2016-2178, CVE-2016-6306)
http://www-01.ibm.com/support/docview.wss?uid=swg21991896
IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2016-5994)
http://www-01.ibm.com/support/docview.wss?uid=swg21992171
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM BigFix Remote Control (CVE-2016-2183)
http://www-01.ibm.com/support/docview.wss?uid=swg21991894
IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Websphere that is used by IBM BigFix Remote Control (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21991866
IBM Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM BigFix Remote Control (CVE-2016-5983)
http://www-01.ibm.com/support/docview.wss?uid=swg21991902
IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud has addressed (CVE-2016-5949)
http://www.ibm.com/support/docview.wss?uid=swg21992276
IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Campaign, IBM Interact, IBM Distributed Marketing, IBM Marketing Operations (CVE-2016-3092)
http://www.ibm.com/support/docview.wss?uid=swg21991786
IBM Security Bulletin: Vulnerabilities in Open Source Apache Tomcat and Commons FileUpload affect IBM Algorithmics Algo Risk Application
http://www.ibm.com/support/docview.wss?uid=swg21990262
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2016-2177, CVE-2016-2178)
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492
IBM Security Bulletin: Multiple vulnerabilities in Apache Struts affect IBM BigFix Remote Control (CVE-2016-1181, CVE-2016-1182)
http://www-01.ibm.com/support/docview.wss?uid=swg21991903