End-of-Shift report
Timeframe: Monday 21-11-2016 18:00 - Tuesday 22-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Windows 10 Cannot Protect Insecure Applications Like EMET Can
Recently, Microsoft published a blog post called Moving Beyond EMET that appears to make two main points: (1) Microsoft will no longer support EMET after July 31, 2018, and (2) Windows 10 provides protections that make EMET unnecessary. In this blog post, I explain why Windows 10 does not provide the additional protections that EMET does and why EMET is still an important tool to help prevent exploitation of vulnerabilities.
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
SSA-603476 (Last Update 2016-11-21): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf
Facebook Messenger: Malware via SVG
Caution with file attachments in Facebook's chat: hijacked accounts are sending out malware, recently in the form of an SVG graphic.
https://www.heise.de/newsticker/meldung/Facebook-Messenger-Malware-via-SVG-3493834.html
Moodle Vulns
Vuln: Moodle MSA-16-0026 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94456
Vuln: Moodle CVE-2016-8643 Security Bypass Vulnerability
http://www.securityfocus.com/bid/94457
Vuln: Moodle CVE-2016-8644 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94458
Exploit Code Released for NTP Vulnerability
NTP 4.2.8p9 includes a patch for a vulnerability that could crash ntpd with a single malformed packet.
http://threatpost.com/exploit-code-released-for-ntp-vulnerability/122104/
The Kings in Your Castle, Pt. #3
In the third episode of Marion Marschalek's and Raphael Vinot's series of articles on modern APTs, they shine some light on the prevalence of zero-day vulnerabilities. In reality, the use of zero-days is far less common than expected; in fact, APT groups in some cases exploit vulnerabilities that are a couple of years old. On the analysts' side, they explain why identical hashes are by no means a reliable indicator that one is dealing with identical files.
https://blog.gdatasoftware.com/2016/11/29302-kings-in-your-castle-pt-3
TYPO3
Path Traversal in TYPO3 Core
https://typo3.org/news/article/path-traversal-in-typo3-core/
Insecure Unserialize in TYPO3 Backend
https://typo3.org/news/article/insecure-unserialize-in-typo3-backend/
Businesses as Ransomware's Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber's developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files.
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/KntWjaKLssw/
Android Trojan GT!tr.spy said to target mainly German bank customers
According to its own statements, Fortinet has come across a current Android Trojan named GT!tr.spy that primarily targets credit card and login data of German and Austrian bank customers. Customers of 15 German and five Austrian banks, which are not described in more detail, are said to be at risk ...
https://heise.de/-3494472
FortiOS flow-mode detection bypass under certain conditions
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process). This tends to impact long lived network sessions...
http://fortiguard.com/advisory/fortios-flow-mode-detection-bypass-under-certain-conditions
F5 Security Advisories
Security Advisory: OpenSSL vulnerability CVE-2016-8610
https://support.f5.com:443/kb/en-us/solutions/public/k/11/sol11307303.html?ref=rss
Security Advisory: ImageMagick vulnerabilities CVE-2015-8895 and CVE-2015-8896
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30403302.html?ref=rss
Security Advisory: ImageMagick vulnerability CVE-2015-8898
https://support.f5.com:443/kb/en-us/solutions/public/k/68/sol68785753.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Network Protection
http://www-01.ibm.com/support/docview.wss?uid=swg21991724
IBM Security Bulletin: IBM Tivoli Storage Manager FastBack for Bare Machine Recovery Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091)
http://www.ibm.com/support/docview.wss?uid=swg21993925
IBM Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2016-6091)
http://www.ibm.com/support/docview.wss?uid=swg21993916
IBM Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607 and CVE-2014-9645)
http://www-01.ibm.com/support/docview.wss?uid=swg21990083
IBM Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection
http://www-01.ibm.com/support/docview.wss?uid=swg21989336
IBM Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21993565
IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377
http://www-01.ibm.com/support/docview.wss?uid=swg21993522
IBM Vulnerabilities in BIND impact AIX (CVE-2016-2776, CVE-2016-2775)
http://aix.software.ibm.com/aix/efixes/security/bind_advisory13.asc
IBM Security Bulletin: Vulnerabilities in OpenSSL affect AIX
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc