End-of-Shift report
Timeframe: Thursday 10-11-2016 18:00 − Friday 11-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Benevolent malware? reincarna/Linux.Wifatch, (Fri, Nov 11th)
In the new-to-me department. It looks like this one has been around for more than three years. Today I was doing some banner grabbing looking for a Mirai node that had gotten away from me, and came across the Telnet banner below. It appears this device is infected with a piece of malware called Reincarna/Linux.Wifatch. It purports to be a memory-resident malware that defends the device from more malicious malware.
https://isc.sans.edu/diary.html?storyid=21703&rss
BSI Report on the State of IT Security: The Situation Remains Tense
In its latest report, the Federal Office for Information Security (BSI) assesses the current threat situation for IT security in Germany. It highlights vulnerabilities and, among other things, evaluates attack methods.
https://www.heise.de/newsticker/meldung/BSI-Bericht-zur-Lage-der-IT-Sicherheit-Die-Lage-bleibt-angespannt-3463977.html
CA Unified Infrastructure Management Directory Traversal Vulnerability
This advisory contains mitigation details for a directory traversal vulnerability in the CA Technologies Unified Infrastructure Management application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01
F5 Security Advisory: Linux TCP stack vulnerability CVE-2016-5696
https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46514822.html?ref=rss
Vuln: Brocade NetIron OS CVE-2016-8203 Memory Corruption Vulnerability
An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.
Brocade NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a are vulnerable.
http://www.securityfocus.com/bid/94232
F5 Security Advisory: TMM vulnerability CVE-2016-7476
https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87416818.html?ref=rss
MyBB 1.8.6 Cross Site Scripting
These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.
https://cxsecurity.com/issue/WLB-2016110096
Security Advisory - Path Traversal Vulnerability in Huawei Home Gateway Products
http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908
Vuln: Multiple I-O DATA Network Camera Products CVE-2016-7814 Information Disclosure Vulnerability
An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks.
The following products and versions are vulnerable:
TS-WRLP firmware version 1.00.01 and prior
TS-WRLA firmware version 1.00.01 and prior
http://www.securityfocus.com/bid/94250
Security Advisory - Input Validation Vulnerability in Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161111-01-mpls-en
Windows Mobile Application Penetration Testing Part 3: Sideloading
Introduction and Background: In the first article of the series, we covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We also looked at the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 Mobile emulators.
http://resources.infosecinstitute.com/windows-mobile-application-penetration-testing-part-3-sideloading/
TYPO3: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" (html5videoplayer) is susceptible to Cross-Site Scripting.
https://typo3.org/news/article/cross-site-scripting-in-extension-html5-video-player-html5videoplayer/
TYPO3: Multiple vulnerabilities in extension "TC Directmail" (tcdirectmail)
It has been discovered that the extension "TC Directmail" (tcdirectmail) is susceptible to Cross-Site Scripting and SQL Injection.
https://typo3.org/news/article/multiple-vulnerabilities-in-extension-tc-directmail-tcdirectmail/
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (CVE-2013-7041 and CVE-2015-3238)
http://www.ibm.com/support/docview.wss?uid=nas8N1021702
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 April 2016
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009348