End-of-Shift report
Timeframe: Wednesday 30-11-2016 18:00 − Thursday 01-12-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
0-Day: Tor and Firefox patch exploited JavaScript exploit
Tor and Mozilla reacted quickly and released an out-of-band patch for a critical security vulnerability. The bug was in an animation function for vector graphics.
http://www.golem.de/news/0-day-tor-und-firefox-patchen-kritische-schwachstelle-1612-124808-rss.html
Avalanche Takedown
On 30 November 2016, the Avalanche botnet was taken over through a broad cooperation of police forces (Europol, Eurojust, FBI, ...), prosecutors and IT security organisations (BSI, Shadowserver, CERTs). The figures from Shadowserver are impressive:...
http://www.cert.at/services/blog/20161201172722-1851.html
IBM warns of rising VoIP cyberattacks
Cyber-attacks using the VoIP protocol Session Initiation Protocol (SIP) have been growing this year, accounting for over 51% of the security event activity analyzed in the last 12 months, according to a report from IBM's Security Intelligence group this week. "SIP is one of the most commonly used application layer protocols in VoIP technology... we found that there has been an upward trend in attacks targeting the SIP protocol, with the most notable uptick occurring in the second...
http://www.cio.com/article/3146209/security/ibm-warns-of-rising-voip-cyberattacks.html#tk.rss_security
Shamoon 2: Return of the Disttrack Wiper
In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged. Last week, Unit 42...
http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
Fatal flaws in ten pacemakers make for Denial of Life attacks
Brit/Belgian research team decipher signals and devise wounding wireless attacks
A global research team has hacked 10 different types of implantable medical devices and pacemakers, finding exploits that could allow wireless remote attackers to kill victims.
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/01/denial_of_life_attacks_on_pacemakers/
New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer
In January of 2016, we found various "SmsSecurity" mobile apps that claimed to be from various banks. Since then, we've found some new variants of this attack that add new malicious capabilities. These capabilities include: anti-analysis measures, automatic rooting, language detection, and remote access via TeamViewer. In addition, SmsSecurity now cleverly uses the accessibility features of Android to help carry out its routines in a stealthy manner, without interaction from the...
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/ckweihUN7n8/
SAMRi10: Windows 10 hardening tool for thwarting network recon
Microsoft researchers Itay Grady and Tal Be'ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced "Samaritan").
[Figure: User2 (non-admin) gets access denied by SAMRi10 when calling Net User remotely to a hardened Domain Controller]
Both the Net Cease tool they released in October and SAMRi10 are simple PowerShell scripts and are aimed at preventing attackers that are already inside a corporate network from mapping it...
https://www.helpnetsecurity.com/2016/12/01/samri10-windows-10-hardening/
Security Notice - Statement on Newsmth.net Forum Revealing Security Issue in Huawei P9 Smart Phone
http://www.huawei.com/en/psirt/security-notices/2016/huawei-sn-20161130-01-smartphone-en
USN-3141-1: Thunderbird vulnerabilities
Ubuntu Security Notice USN-3141-1, 30th November, 2016: thunderbird vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS. Summary: Several security issues were fixed in Thunderbird. Software description: thunderbird - Mozilla Open Source mail and newsgroup client. Details: Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety...
http://www.ubuntu.com/usn/usn-3141-1/
Security Advisories Relating to Symantec Products - Norton App Lock Bypass
Symantec has addressed an issue where on some Android devices, Norton App Lock could have been bypassed, which could have allowed locked applications to be opened.
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161130_00
OpenAFS Security Advisory 2016-003
Due to incomplete initialization or clearing of reused memory, OpenAFS directory objects are likely to contain "dead" directory entry information. This extraneous information is not active - that is, it is logically invisible to the fileserver and client. However, the leaked information is physically visible on the fileserver vice partition,...
https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
Bugtraq: [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access
http://www.securityfocus.com/archive/1/539855
Bugtraq: [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution
http://www.securityfocus.com/archive/1/539857
Bugtraq: [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege
http://www.securityfocus.com/archive/1/539863
Bugtraq: [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
http://www.securityfocus.com/archive/1/539864
IBM Security Bulletins
IBM Security Bulletin: A vulnerability in wget affects PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024556
IBM Security Bulletin: A vulnerability in DHCP affects PowerKVM (CVE-2016-5410)
http://www.ibm.com/support/docview.wss?uid=isg3T1024551
IBM Security Bulletin: Vulnerabilities in krb5 affect PowerKVM (CVE-2016-3119, CVE-2016-3120)
http://www.ibm.com/support/docview.wss?uid=isg3T1024550
IBM Security Bulletin: A vulnerability in util-linux affects PowerKVM (CVE-2016-5011)
http://www.ibm.com/support/docview.wss?uid=isg3T1024543
IBM Security Bulletin: A vulnerability in powerpc-utils-python affects PowerKVM (CVE-2014-8165)
http://www.ibm.com/support/docview.wss?uid=isg3T1024540
IBM Security Bulletin: A vulnerability in fontconfig affects PowerKVM (CVE-2016-5384)
http://www.ibm.com/support/docview.wss?uid=isg3T1024533
IBM Security Bulletin: A vulnerability in sudo affects PowerKVM (CVE-2016-7091)
http://www.ibm.com/support/docview.wss?uid=isg3T1024532
IBM Security Bulletin: A vulnerability in Python-RSA affects PowerKVM (CVE-2016-1494)
http://www.ibm.com/support/docview.wss?uid=isg3T1024409
IBM Security Bulletin: Vulnerabilities in bind affect PowerKVM (CVE-2016-2776, CVE-2016-8864)
http://www.ibm.com/support/docview.wss?uid=isg3T1024402
IBM Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
http://www.ibm.com/support/docview.wss?uid=isg3T1024401