End-of-Shift report
Timeframe: Thursday 15-12-2016 18:00 − Friday 16-12-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
My Yahoo Account Was Hacked! Now What?
Many readers are asking what they should be doing in response to Yahoo's disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format.
https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/
0-days hitting Fedora and Ubuntu open desktops to a world of hurt
If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/
One, if by email, and two, if by EK: The Cerbers are coming!, (Fri, Dec 16th)
Introduction "One, if by land, and two, if by sea" is a phrase used by American poet Henry Wadsworth Longfellow in his poem "Paul Revere's Ride", first published in 1861. Longfellow's poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American Revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns. Much like the British arriving by land or by sea, Cerber
https://isc.sans.edu/diary.html?storyid=21823&rss
Phishing: "There are still plenty of victims"
Olaf Schwarz, Information Security Officer at the direct bank ING-DiBa Austria, on phishing and other fraud methods used against online banking.
https://futurezone.at/digital-life/phishing-es-gibt-immer-noch-genuegend-opfer/235.972.707
Hacker attack on Thyssenkrupp: Winnti is spying on German industry
The attack on Thyssenkrupp is attributed to the hacker group Winnti, which previously targeted gaming platforms. Further German companies are reported to be affected.
http://www.golem.de/news/hackerangriff-auf-thyssenkrupp-winnti-spioniert-deutsche-wirtschaft-aus-1612-125103-rss.html
Microsoft to ditch Flash - sort of
Edge is getting more granular Flash controls, which means you won't have to have it on for all sites just so it's on for one.
https://nakedsecurity.sophos.com/2016/12/16/microsoft-to-ditch-flash-sort-of/
Mac password can be read out via Thunderbolt
Using off-the-shelf hardware, an attacker can grab the password, which is held in cleartext, in around 30 seconds and thereby defeat Apple's FileVault disk encryption.
https://heise.de/-3573385
Linux security: Ubuntu bug allows execution of malicious code
A serious flaw in Ubuntu's crash handler Apport allows attackers to execute arbitrary code remotely on a target machine.
http://www.golem.de/news/linux-sicherheit-ubuntu-bug-ermoeglicht-das-ausfuehren-von-schadcode-1612-125112-rss.html
Smart Airports: How to protect airport passengers from cyber disruptions
ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions.
https://www.enisa.europa.eu/news/enisa-news/smart-airports-how-to-protect-airport-passengers-from-cyber-disruptions
Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161216-01-smartphone-en
SSA-856492 (Last Update 2016-12-16): Limited Entropy in PRNG of Desigo PX Web Modules
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf
Bugtraq: [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/539934
DFN-CERT-2016-2081: Red Hat JBoss Core Services: Multiple vulnerabilities allow, among other things, execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2016-2081/
Security Advisory: TMM vulnerability CVE-2016-9247
https://support.f5.com:443/kb/en-us/solutions/public/k/33/sol33500120.html?ref=rss
Security Advisory: BIG-IP TMM iRules vulnerability CVE-2016-5024
https://support.f5.com:443/kb/en-us/solutions/public/k/92/sol92859602.html?ref=rss
Sentinel 8.0.0 P1 (Sentinel 8.0.0.1) Build 3404
Abstract: Sentinel 8.0.0 upgrade patch for Sentinel 7 and 8
Document ID: 5264730
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files: sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz (65.02 MB), sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz.sha256 (117 bytes), sentinel_server-8.0.0.1-3404.x86_64.tar.gz (2.09 GB), sentinel_server-8.0.0.1-3404.x86_64.tar.gz.sha256 (109 bytes)
Products: Sentinel 7, Sentinel, Sentinel 7.3, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4, Sentinel 7.3.3, Sentinel
https://download.novell.com/Download?buildid=3iJxPcG2H9M~
Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01
OmniMetrix OmniView Vulnerabilities
This advisory contains mitigation details for vulnerabilities in OmniMetrix's OmniView web application.
https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02
Multiple SONY Videoconference Systems do not properly perform authentication
http://jvn.jp/en/jp/JVN42070907/
ZDI-16-670: Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability
This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
http://www.zerodayinitiative.com/advisories/ZDI-16-670/
ZDI: Autodesk Design Review Remote Code Execution Vulnerabilities
ZDI-16-669: Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-669/
ZDI-16-668: Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-668/
ZDI-16-667: Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-667/
ZDI-16-666: Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-666/
ZDI-16-665: Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-665/
ZDI-16-664: Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-16-664/
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM StoredIQ (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180)
http://www-01.ibm.com/support/docview.wss?uid=swg21994870
IBM Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=swg21995057
IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
http://www-01.ibm.com/support/docview.wss?uid=swg21993842
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485 CVE-2016-5597)
http://www.ibm.com/support/docview.wss?uid=swg21990635
IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024669