End-of-Shift report
Timeframe: Monday 31-10-2016 18:00 − Wednesday 02-11-2016 18:00
Handler: Alexander Riepl
Co-Handler: Stephan Richter
New, more-powerful IoT botnet infects 3,500 devices in 5 days
Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse.
http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-notorious-mirai-infects-3500-devices/
Docker user? Haven't patched Dirty COW yet? Got bad news for you
Repeat after me, containerization isn't protection, it's a management feature. Here's another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers.
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/01/docker_user_havent_patched_dirty_cow_yet_bad_news/
Security patch for zero-day vulnerability in Windows in sight
Exploiting the vulnerability is said to work only in combination with an already-closed Flash vulnerability. Microsoft criticizes Google for the early disclosure of the flaw.
https://heise.de/-3454255
Millions of browsing profiles: data allegedly also comes from the WOT browser add-on
The detailed data on the browsing behaviour of millions of Germans, to which NDR reporters have access, apparently also originates from the popular browser extension WOT. The data collected with it can reportedly be attributed easily to specific individuals.
https://heise.de/-3453820
Performance framework: critical security vulnerabilities in Memcached closed
Services such as Facebook, YouTube and Reddit were also affected by a security vulnerability in a popular performance framework. Attackers could have executed code on the target system. A patch and a workaround are available.
http://www.golem.de/news/performance-framework-kritische-sicherheitsluecken-in-memcached-geschlossen-1611-124210-rss.html
Data breach: when the iPhone knows the private number of the President of the National Council
Apparently due to an error at AppleCare, the address book entries of several iPhone users were transferred to other users, report "Stern" and the Austrian magazine "News".
https://heise.de/-3454575
Belkin's WeMo Gear Can Hack Android Phones
Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely.
http://threatpost.com/belkins-wemo-gear-can-hack-android-phones/121730/
Security Advisory: OpenSSL vulnerability CVE-2016-2179
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23512141.html?ref=rss
Security Advisory 2016-02: Security Update for OTRS
November 01, 2016 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org
PGP Key: pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20], uid OTRS Security Team, GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
Palo Alto PAN-OS Insecure API Token Generation Lets Remote Users Access the Target Firewall API Interface
http://www.securitytracker.com/id/1037153
Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1037152
DFN-CERT-2016-1794: Django: Two vulnerabilities allow, among other things, the acquisition of user privileges
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1794/
USN-3118-1: Mailman vulnerabilities
Ubuntu Security Notice USN-3118-1, 1st November, 2016: mailman vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in Mailman. Software description: mailman - Powerful, web-based mailing list manager. Details: It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. If an authenticated user were
http://www.ubuntu.com/usn/usn-3118-1/
CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c.
https://kb.isc.org/article/AA-01434/0/CVE-2016-8864%3A-A-problem-handling-responses-containing-a-DNAME-answer-can-lead-to-an-assertion-failure.html
Symantec IT Management Suite Multiple Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161031_00
Norton Mobile Security for Android Multiple Security Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161101_00
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 )
http://www-01.ibm.com/support/docview.wss?uid=swg21992931
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-6072)
http://www-01.ibm.com/support/docview.wss?uid=swg21991893
IBM Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU Jul 2016 Includes Oracle Jul 2016 CPU (CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21992001
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2016-3485, CVE-2016-3511, CVE-2016-3598)
http://www.ibm.com/support/docview.wss?uid=swg21993191
IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028)
http://www.ibm.com/support/docview.wss?uid=swg21991110
IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025)
http://www.ibm.com/support/docview.wss?uid=swg21991107
Cisco Security Advisories
Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
Cisco TelePresence Endpoints Local Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
Cisco Prime Home Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms