Tageszusammenfassung - Montag 7-11-2016

End-of-Shift report

Timeframe: Freitag 04-11-2016 18:00 − Montag 07-11-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Sophos Web Appliance 4.2.1.3 Remote Code Execution

https://cxsecurity.com/issue/WLB-2016110036

Two Critical MySQL Bugs Discovered

An anonymous reader quotes InfoWorld: Two critical privilege escalation vulnerabilities in MySQL, MariaDB, and PerconaDB can help take control of ..

https://developers.slashdot.org/story/16/11/05/056227/two-critical-mysql-bugs-discovered

Tech support scammers use denial of service bug to hang victims

Process pig keeps eyes glued on fraudsters phone number. Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams. www.theregister.co.uk/2016/11/07/tech_support_scammers_use_denial_of_service_bug_to_hang_victims/

Vuln: cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability

http://www.securityfocus.com/bid/94107

Disassembling a Mobile Trojan Attack

In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng and automatically saved it to ..

http://securelist.com/blog/research/76286/disassembling-a-mobile-trojan-attack/

Hintergrund: Threat Intelligence: IT-Sicherheit zum Selbermachen?

Viele IT-Sicherheitsfirmen erweitern ihr Portfolio derzeit um sogenannte Threat Intelligence. Die ist jedoch kein Allheilmittel sondern muss gezielt eingesetzt werden, um einen echten Mehrwert zu erzielen. Dr. Timo Steffens vom ..

https://heise.de/-3453595

SSA-701708 (Last Update 2016-11-07): Local Privilege Escalation in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf

SSA-378531 (Last Update 2016-11-07): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf

IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2016-5597)

http://www.ibm.com/support/docview.wss?uid=swg21993700

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-3598)

http://www-01.ibm.com/support/docview.wss?uid=swg21992715

IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerability (CVE-2016-5388)

http://www.ibm.com/support/docview.wss?uid=swg21992977

Login Form Hijacking Vulnerability in Citrix NetScaler Gateway

https://support.citrix.com/article/CTX213313

Citrix XenServer Security Update for CVE-2016-0800

A security vulnerability has been identified in Citrix XenServer that could, if exploited, allow a malicious attacker with access to the XenServer ..

https://support.citrix.com/article/CTX208403

Multiple Security Vulnerabilities in Citrix NetScaler Platform ...

A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler ..

https://support.citrix.com/article/CTX216642