Daily summary - Wednesday 30-11-2016

End-of-Shift report

Timeframe: Tuesday 29-11-2016 18:00 − Wednesday 30-11-2016 18:00 Handler: Robert Waldner Co-Handler: n/a

Critical security vulnerability in Mozilla Firefox - actively exploited - no patches available

As reported by various media outlets, there is a critical security vulnerability in current versions of the Mozilla Firefox browser for which no patch is yet available. It is already being actively exploited.

https://cert.at/warnings/all/20161130.html


Port 7547 in Austria

Since my last blog post on Mirai/TR-069, some new information has come in.

https://cert.at/services/blog/20161130165710-1834.html


Ask Sucuri: Can Your cPanel Page Be Maliciously Redirected?

Many webmasters may not be aware that hackers are able to maliciously redirect cPanel pages. The specific tactic we describe in this article is unique. Included are recommendations to prevent it, along with other suspicious issues, through logs kept on cPanel servers.

https://blog.sucuri.net/2016/11/ask-sucuri-can-cpanel-page-maliciously-redirected.html


Vuln: Dell iDRAC7 and iDRAC8 Devices CVE-2016-5685 Code Injection Vulnerability

http://www.securityfocus.com/bid/94585


Emerson Liebert SiteScan XML External Entity Vulnerability

This advisory contains mitigation details for an XML External Entity vulnerability affecting Emerson's Liebert SiteScan application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01


Emerson DeltaV Easy Security Management Application Vulnerability

This advisory contains mitigation details for a vulnerability that affects Emerson's DeltaV Easy Security Management application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02


Emerson DeltaV Wireless I/O Card Open SSH Port Vulnerability

This advisory contains mitigation details for a vulnerability in the Emerson DeltaV Wireless I/O Card.

https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03


Security Advisory: BIG-IP FastL4 profile vulnerability

https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36300805.html?ref=rss


Security Advisory - XSS Vulnerability in Huawei eSpace IAD

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-espace-en


Security Advisory - DoS Vulnerability in Huawei Switches

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-switch-en


Apache Subversion: A vulnerability allows denial-of-service attacks

https://portal.cert.dfn.de/adv/DFN-CERT-2016-1960/


Security Advisory - Command Injection Vulnerability in Huawei FusionAccess

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161130-01-ldap-en


GCHQ presents CyberChef, an Open Source Data Analysis Tool

The GCHQ has released the code of a new open source web tool dubbed CyberChef, specifically designed for analyzing and decoding data.

http://securityaffairs.co/wordpress/53908/intelligence/gchq-cyberchef.html


Multiple I-O DATA network camera products multiple vulnerabilities

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities.

http://jvn.jp/en/jp/JVN25059363/


New Cerber Variant Leverages Tor2Web Proxies, Google Redirects

Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection.

http://threatpost.com/new-cerber-variant-leverages-tor2web-proxies-google-redirects/122169/


An overview of the Payment Card Industry (PCI)

The payment card industry consists of all the organizations which store, process and transmit cardholder data and carry transactions through debit and credit cards. Many standards are developed to conduct these types of services in a secure way. The well-known standard for this purpose is Payment Card Industry Data Security Standards.

http://resources.infosecinstitute.com/an-overview-of-the-payment-card-industry-pci/


Major outage at Telekom: what really happened

A security expert analysed how one of the supposedly vulnerable Speedport models reacts and came to a surprising conclusion: the devices were not actually vulnerable to the TR-069 security flaw.

https://heise.de/-3520212


GET pwned: Web CCTV cams can be hijacked by single HTTP request

An insecure web server embedded in more than 35 models of internet-connected CCTV cameras leaves countless devices wide open to hijacking, it is claimed.

http://www.theregister.co.uk/2016/11/30/iot_cameras_compromised_by_long_url/


Vuln: OpenJPEG CVE-2016-9675 Incomplete Fix Multiple Remote Heap Based Buffer Overflow Vulnerabilities

http://www.securityfocus.com/bid/94589


Cobalt Malware Threatens ATM Security

The hackers typically initiated the malware infection through phishing and spear-phishing attacks. They sent malware-laced emails to employees working at the banks. If a security-naive employee somehow clicked on a malicious link in an email or opened an attachment, their system would get infected.

https://blog.comodo.com/malware/cobalt-malware-threatens-atm-security/


Android malware Gooligan said to have hijacked over 1 million Google accounts

The trojan reportedly roots smartphones and copies the authentication tokens of Google accounts. An online service lets you check whether your own account is affected.

https://heise.de/-3520778


IBM Security Bulletins

IBM Security Bulletin: Vulnerability in OpenSSH affects IBM i (CVE-2016-8858)

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021734

IBM Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways

http://www-01.ibm.com/support/docview.wss?uid=swg21992996

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation

http://www-01.ibm.com/support/docview.wss?uid=swg2C1000213

IBM Security Bulletin: Multiple Vulnerabilities affect IBM Domino & IBM iNotes

http://www.ibm.com/support/docview.wss?uid=swg21992835

IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785)

http://www-01.ibm.com/support/docview.wss?uid=swg21994386