End-of-Shift report
Timeframe: Monday 12-12-2016 18:00 - Tuesday 13-12-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
(Adobe) Security Bulletins Posted
- Adobe Animate (APSB16-38)
- Adobe Flash Player (APSB16-39)
- Adobe Experience Manager Forms (APSB16-40)
- Adobe DNG Converter (APSB16-41)
- Adobe Experience Manager (APSB16-42)
- Adobe InDesign (APSB16-43)
- Adobe ColdFusion Builder (APSB16-44)
- Adobe Digital Editions (APSB16-45)
- Adobe RoboHelp (APSB16-46)
https://blogs.adobe.com/psirt/?p=1426
The importance of cryptography for the digital society
Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA's paper gives an overview into aspects around the current debate on encryption, while highlighting the Agency's key messages and views on the topic.
https://www.enisa.europa.eu/news/enisa-news/the-importance-of-cryptography-for-the-digital-society
Vuln: PHP ext/wddx/wddx.c Denial of Service Vulnerability
http://www.securityfocus.com/bid/94846
Vuln: PHP ext/standard/var.c Incomplete Fix Use After Free Remote Code Execution Vulnerability
Use After Free in PHP7 unserialize()
http://www.securityfocus.com/bid/94849
Unrestricted Backend Login Backdoor Method Seen in OpenCart
> From the attacker's perspective, creating ways to maintain access to a compromised website is desirable. This allows them to further distribute malware and perform different kinds of malicious activities. One of the ways attackers try to secure their access is by adding admin users, or pieces of malicious code throughout the site. This allows them to regain access easily, if needed. However, we recently found a unique way to achieve this kind of breach in OpenCart version 1.5.6.4.
https://blog.sucuri.net/2016/12/unrestricted-backend-login.html
State of the Web 2016: Every second website is a security risk
Vulnerabilities on the Internet keep increasing, Menlo Security finds in its "State of the Web" report. Loading external content via advertising networks and content delivery networks plays an important role.
https://heise.de/-3569114
Netgear vulnerability more serious than assumed, first security updates
The highly critical vulnerability in the web interface affects considerably more Netgear routers than previously assumed. For a handful of devices the vendor has meanwhile released a beta firmware that fixes the problem.
https://heise.de/-3569299
IBM Security Bulletins
IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2016-5597)
http://www-01.ibm.com/support/docview.wss?uid=swg21995588
IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU Oct 2016 (includes Oracle Oct 2016 CPU) affects Content Collector for File Systems
https://www-01.ibm.com/support/docview.wss?uid=swg21995474
IBM Security Bulletin: Vulnerability CVE-2016-7099 and CVE-2016-5325 in Node.js affects IBM i
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021765
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Enterprise Content Management System Monitor (CVE-2016-6304, CVE-2016-2177)
http://www-01.ibm.com/support/docview.wss?uid=swg21995038
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Enterprise Content Management System Monitor (CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21995042
IBM Security Bulletin: Multiple vulnerabilities in Samba, BIND and Libreswan affect IBM Netezza Host Management
http://www.ibm.com/support/docview.wss?uid=swg21994231
IBM Security Bulletin: Vulnerability in Open Source Apache Tomcat, Commons FileUpload affects IBM Enterprise Content Management System Monitor (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21995043
IBM Security Bulletin: Multiple security issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On
http://www.ibm.com/support/docview.wss?uid=swg21994534
IBM Security Bulletin: Vulnerabilities in OpenSSL and PHP affect IBM Tealeaf Customer Experience (CVE-2016-2107, CVE-2016-6290, CVE-2016-7125)
http://www.ibm.com/support/docview.wss?uid=swg21992307
IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and IBM Java Runtime affect IBM Tealeaf Customer Experience (CVE-2016-0378, CVE-2016-3485, CVE-2016-5986)
http://www.ibm.com/support/docview.wss?uid=swg21994537