End-of-Shift report
Timeframe: Wednesday 23-11-2016 18:00 − Thursday 24-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Don't let this Black Friday/Cyber Monday spam deliver Locky ransomware to you
We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we're seeing a spam campaign that Amazon customers need to be wary of.
https://blogs.technet.microsoft.com/mmpc/2016/11/23/dont-let-this-black-friday-cyber-monday-spam-deliver-locky-ransomware-to-you/
LXC CVE-2016-8649 Directory Traversal Vulnerability
An attacker can exploit this issue using directory-traversal characters (../) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
http://www.securityfocus.com/bid/94498/info
Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability
Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Samsung Galaxy devices with Marshmallow 6.0 are vulnerable.
http://www.securityfocus.com/bid/94494/info
w3m Multiple Security Vulnerabilities
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to w3m 0.5.3-33 are vulnerable.
http://www.securityfocus.com/bid/94464/discuss
Research on unsecured Wi-Fi networks across the world
We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us.
https://securelist.com/blog/research/76733/research-on-unsecured-wi-fi-networks-across-the-world/
DFN-CERT-2016-1942: RealNetworks RealPlayer: A vulnerability allows a denial-of-service attack
A remote, unauthenticated attacker can exploit a vulnerability in RealPlayer, using a maliciously crafted QCP media file that a user is tricked into playing, to carry out a denial-of-service (DoS) attack.
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1942/
Windows update for Secure Boot bug makes BIOS updates necessary
With patch 3193479 or 3200970 for current Windows (Server) versions, Microsoft fixes a bug in UEFI Secure Boot, but some servers no longer boot afterwards.
https://heise.de/-3503589
Diagnosing cyber threats for smart hospitals
ENISA presents a study that sets the scene on information security for the adoption of IoT in hospitals. The study, which engaged information security officers from more than ten hospitals across the EU, depicts the smart hospital ICT ecosystem and, through a risk-based approach, focuses on relevant threats and vulnerabilities, analyses attack scenarios, and maps common good practices.
https://www.enisa.europa.eu/news/enisa-news/diagnosing-cyber-threats-for-smart-hospitals
Security Advisory: PHP vulnerability CVE-2016-6288
https://support.f5.com:443/kb/en-us/solutions/public/k/71/sol71814571.html?ref=rss
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd