Daily Summary - Thursday 15-12-2016

End-of-Shift report

Timeframe: Wednesday 14-12-2016 18:00 − Thursday 15-12-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

No More Ransom Project Expands with 34 New Partners, 32 New Free Decryption Tools

The "No More Ransom" project, set up in July by Intel Security, Kaspersky Lab, Europol, and the Dutch National police to help victims of ransomware infections, has expanded today with 34 new partners, and 32 new decryptors that can help ransomware victims unlock their files for free. [...]

https://www.bleepingcomputer.com/news/security/no-more-ransom-project-expands-with-34-new-partners-32-new-free-decryption-tools/


Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides. Microsoft researchers have encountered twin threat activity groups that appear to target individuals for...

https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/


Yahoo Has to Confess Another Mass Hack: One Billion Victims

In September, Yahoo disclosed a hack of more than half a billion user accounts. Yahoo has now broken that record: this time more than one billion accounts are affected. On top of that come targeted attacks using forged cookies.

https://heise.de/-3570674


Mobile Ransomware: How to Protect Against It

In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, we'll discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other researchers, we hope to improve the industry's collective knowledge on mobile ransomware mitigation.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XaGWjnUqHoY/


DefCamp Romania 2016 Videos and Slides

November 10-11, 2016, Bucharest, Romania

https://def.camp/archives/2016/


The Kings in Your Castle, Pt #5

The last part in the article series about analyzing modern APTs deals with naming and attribution of APTs. This is far less trivial than it sounds. Analysts are often facing the same enemy all over again without realizing it.

https://blog.gdatasoftware.com/2016/12/29379-the-kings-in-your-castle-pt-5


Security Vulnerabilities: Updates Also for Older macOS Versions

In addition to the vulnerabilities patched in macOS Sierra and the Safari browser, Apple has also released security updates for OS X El Capitan and Yosemite. These fix a critical vulnerability.

https://heise.de/-3572108


Ask Sucuri: How to Stop Brute Force Attacks?

Again, there is no mystery to this: Enforce a strong password for all the users and a brute force attack will not succeed. The underlying problem, however, is a bit more complicated

https://blog.sucuri.net/2016/12/ask-sucuri-how-to-stop-brute-force-attacks.html


A Backdoor in Skype for Mac OS X

Trustwave recently reported a locally exploitable issue in the Skype Desktop API for Mac OS X, which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype...

http://trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/


5 Best Password Auditing Tools

A single weak password exposes your entire network to an external threat. Password hacking is one of the most critical and commonly exploited network security threats. In many ways, passwords should be viewed as your first line of defense where protecting your company's data is concerned. The huge number of data breaches occurs because someone...

http://resources.infosecinstitute.com/5-best-password-auditing-tools/


DFN-CERT-2016-2040: Netgear routers: A vulnerability allows execution of arbitrary code with administrator privileges

Version 3 (2016-12-15 15:42): The vendor has updated the referenced security advisory and also confirms that the DSL modems with model numbers D6220 and D6400 are vulnerable. Beta firmware updates are now available as a temporary solution for all vulnerable WLAN and DSL routers. Netgear continues to work on a production version of the firmware for all affected devices.

https://portal.cert.dfn.de/adv/DFN-CERT-2016-2040/


Remote shell execution vulnerability affects Good Enterprise Mobility Server (BSRT-2016-008)

This advisory addresses a remote shell execution vulnerability that has been discovered in Good Enterprise Mobility Server (GEMS). BlackBerry is not aware of any exploitation of this vulnerability. Customer risk is limited by the requirement that a potential attacker possess access to the internal network and by the functionality of the Karaf command shell.

http://support.blackberry.com/kb/articleDetail?articleNumber=000038814


Bugtraq: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]

http://www.securityfocus.com/archive/1/539925


F5 Security Advisory: Kerberos vulnerability CVE-2014-4343

https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15553.html?ref=rss


Sentinel 7.4 SP4 (Sentinel 7.4.4.0) Build 2904

Abstract: Sentinel 7.4.3 upgrade for Sentinel 7.4
Document ID: 5264470
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_server-7.4.4.0-2904.x86_64.tar.gz (1.74 GB), sentinel_server-7.4.4.0-2904.x86_64.tar.gz.sha256 (109 bytes)
Products: Sentinel, Sentinel 7.4.4, Sentinel 7.X, Sentinel 7.2, Sentinel 7.4, Sentinel 7.3, Sentinel 7.2.1, Sentinel 7.2.2, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4.1, Sentinel 7.4.2, Sentinel 7.3.3, Sentinel 7.4.3, Sentinel 7.3.4
Superseded Patches: Sentinel 7.4 SP3

https://download.novell.com/Download?buildid=RaGN-vIdupQ~


Security Advisory - Stack Overflow Vulnerability in Drive of Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161215-01-smartphone-en


SAP

Vuln: SAP Mobile Defense & Security Remote Authorization Bypass Vulnerability

http://www.securityfocus.com/bid/94902

Vuln: SAP HANA Cockpit Cross Site Scripting Vulnerability

http://www.securityfocus.com/bid/94897

Vuln: SAP HANA Remote Authorization Bypass Vulnerability

http://www.securityfocus.com/bid/94898

Vuln: SAP HANA XS Classic Information Disclosure Vulnerability

http://www.securityfocus.com/bid/94896

Vuln: SAP HANA Cockpit Information Disclosure Vulnerability

http://www.securityfocus.com/bid/94910

IBM Security Bulletins

IBM Security Bulletin: IBM Security Access Manager appliances allow web pages to be stored locally (CVE-2016-3024)

http://www.ibm.com/support/docview.wss?uid=swg21995340

IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021)

http://www.ibm.com/support/docview.wss?uid=swg21995436

IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3023)

http://www.ibm.com/support/docview.wss?uid=swg21995348

IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to incorrect permission assignment (CVE-2016-3022)

http://www.ibm.com/support/docview.wss?uid=swg21995360

IBM Security Bulletin: IBM Security Access Manager appliances are affected by cross-site scripting vulnerabilities (CVE-2016-3018)

http://www.ibm.com/support/docview.wss?uid=swg21995347

IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability due to misconfiguration (CVE-2016-3017)

http://www.ibm.com/support/docview.wss?uid=swg21995519

IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability related to code integrity checking (CVE-2016-3016)

http://www.ibm.com/support/docview.wss?uid=swg21995518

IBM Security Bulletin: IBM Notes is affected by Open Source Apache Struts Vulnerabilities (CVE-2016-1181, CVE-2016-1182)

http://www-01.ibm.com/support/docview.wss?uid=swg21988182

IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM BigFix Compliance Analytics (CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

http://www-01.ibm.com/support/docview.wss?uid=swg21989337

IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics (CVE-2016-3627)

http://www-01.ibm.com/support/docview.wss?uid=swg21991909

IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-5597)

http://www-01.ibm.com/support/docview.wss?uid=swg21995989

IBM Security Bulletin: Vulnerability in OpenSSL affects IBM WebSphere MQ V6.0 on OpenVMS Alpha and Itanium platforms (CVE-2016-2183)

http://www.ibm.com/support/docview.wss?uid=swg21995922

IBM Security Bulletin: Multiple vulnerabilities in RubyOnRails affect IBM BigFix Compliance Analytics (CVE-2016-6316, CVE-2016-6317)

http://www-01.ibm.com/support/docview.wss?uid=swg21991913

IBM Security Bulletin: Cross-site request forgery vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2016-6033)

http://www.ibm.com/support/docview.wss?uid=swg21995545

IBM Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984)

http://www-01.ibm.com/support/docview.wss?uid=swg21991682

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM BigFix Compliance Analytics (CVE-2016-3485, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503)

http://www-01.ibm.com/support/docview.wss?uid=swg21991910

IBM Security Bulletin: IBM Security Access Manager appliances are affected by an SQL Injection vulnerability (CVE-2016-3046)

http://www.ibm.com/support/docview.wss?uid=swg21995527

IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information disclosure vulnerability (CVE-2016-3045)

http://www.ibm.com/support/docview.wss?uid=swg21995435

IBM Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3043)

http://www.ibm.com/support/docview.wss?uid=swg21995446

IBM Security Bulletin: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics (CVE-2016-4483)

http://www-01.ibm.com/support/docview.wss?uid=swg21991911