Daily summary - Friday 16-12-2016

End-of-Shift report

Timeframe: Thursday 15-12-2016 18:00 − Friday 16-12-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

My Yahoo Account Was Hacked! Now What?

Many readers are asking what they should be doing in response to Yahoo's disclosure Wednesday that a billion of its user accounts were hacked. Here are a few suggestions and pointers, fashioned into a good old Q&A format.

https://krebsonsecurity.com/2016/12/my-yahoo-account-was-hacked-now-what/


0-days hitting Fedora and Ubuntu open desktops to a world of hurt

If your desktop runs a mainstream release of Linux, chances are you're vulnerable.

http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/


One, if by email, and two, if by EK: The Cerbers are coming!, (Fri, Dec 16th)

Introduction: "One, if by land, and two, if by sea" is a phrase used by American poet Henry Wadsworth Longfellow in his poem "Paul Revere's Ride", first published in 1861. Longfellow's poem tells a somewhat fictionalized tale of Paul Revere in 1775 during the American revolution. If British troops came to attack by land, Paul would hang one lantern in a church tower as a signal light. If British troops came by sea, Paul would hang two lanterns. Much like the British arriving by land or by sea, Cerber

https://isc.sans.edu/diary.html?storyid=21823&rss


Phishing: "There are still plenty of victims"

Olaf Schwarz, Information Security Officer at the direct bank ING-DiBa Austria, on phishing and other fraud methods in online banking.

https://futurezone.at/digital-life/phishing-es-gibt-immer-noch-genuegend-opfer/235.972.707


Hacker attack on Thyssenkrupp: Winnti spies on German industry

The attack on Thyssenkrupp is said to be the work of the hacker group Winnti, which previously attacked gaming platforms. Other German companies are reported to be affected as well.

http://www.golem.de/news/hackerangriff-auf-thyssenkrupp-winnti-spioniert-deutsche-wirtschaft-aus-1612-125103-rss.html


Microsoft to ditch Flash - sort of

Edge is getting more granular Flash controls, which means you won't have to keep it enabled for all sites just so it's enabled for one.

https://nakedsecurity.sophos.com/2016/12/16/microsoft-to-ditch-flash-sort-of/


Mac password can be read out via Thunderbolt

Using off-the-shelf hardware, an attacker can grab the password, which is held in memory in cleartext, in around 30 seconds and thereby defeat Apple's disk encryption FileVault.

https://heise.de/-3573385


Linux security: Ubuntu bug allows execution of malicious code

A severe flaw in Ubuntu's crash handler Apport allows attackers to execute arbitrary code remotely on a target machine.

http://www.golem.de/news/linux-sicherheit-ubuntu-bug-ermoeglicht-das-ausfuehren-von-schadcode-1612-125112-rss.html


Smart Airports: How to protect airport passengers from cyber disruptions

ENISA publishes a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions.

https://www.enisa.europa.eu/news/enisa-news/smart-airports-how-to-protect-airport-passengers-from-cyber-disruptions


Security Advisory - Input Validation Vulnerability in Wi-Fi Driver of Huawei Smart Phones

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161216-01-smartphone-en


SSA-856492 (Last Update 2016-12-16): Limited Entropy in PRNG of Desigo PX Web Modules

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf


Bugtraq: [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities

http://www.securityfocus.com/archive/1/539934


DFN-CERT-2016-2081: Red Hat JBoss Core Services: Multiple vulnerabilities allow, among other things, execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2016-2081/


Security Advisory: TMM vulnerability CVE-2016-9247

https://support.f5.com:443/kb/en-us/solutions/public/k/33/sol33500120.html?ref=rss


Security Advisory: BIG-IP TMM iRules vulnerability CVE-2016-5024

https://support.f5.com:443/kb/en-us/solutions/public/k/92/sol92859602.html?ref=rss


Sentinel 8.0.0 P1 (Sentinel 8.0.0.1) Build 3404

Abstract: Sentinel 8.0.0.1 upgrade patch for Sentinel 7 and 8
Document ID: 5264730
Security Alert: Yes
Distribution Type: Public
Entitlement Required: No
Files:
sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz (65.02 MB)
sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz.sha256 (117 bytes)
sentinel_server-8.0.0.1-3404.x86_64.tar.gz (2.09 GB)
sentinel_server-8.0.0.1-3404.x86_64.tar.gz.sha256 (109 bytes)
Products: Sentinel 7, Sentinel, Sentinel 7.3, Sentinel 7.3.1, Sentinel 7.3.2, Sentinel 7.4, Sentinel 7.3.3, Sentinel

https://download.novell.com/Download?buildid=3iJxPcG2H9M~
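The patch is published together with .sha256 sidecar files. The check a practitioner should run before unpacking a 2 GB archive is to verify it against that sidecar. The following is an added example for this summary, not tooling from the Sentinel download page; it assumes the sidecar uses the usual sha256sum layout ("<64 hex chars>  <filename>" plus newline), which is consistent with the 109 bytes listed for the server archive's sidecar. The archive bytes used in demo() are a constructed stand-in, not the real download.

```python
"""Verify a downloaded archive against its published .sha256 sidecar file.

Added example, not code from the Sentinel download page. Assumed sidecar
layout (sha256sum style): "<64 hex chars>  <filename>\n".
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256_sidecar(text: str) -> tuple:
    """Return (hex_digest, filename) from a sha256sum-style sidecar.

    Tolerates the optional '*' binary-mode marker before the filename and
    trailing whitespace; rejects anything that is not a 64-char hex digest.
    """
    lines = text.strip().splitlines()
    if not lines:
        raise ValueError("empty sidecar file")
    parts = lines[0].split(None, 1)
    if len(parts) != 2:
        raise ValueError("sidecar line must be '<digest>  <filename>'")
    digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("sidecar does not contain a SHA-256 hex digest")
    return digest, name


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so a multi-GB archive never sits in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(archive_path: str, sidecar_path: str) -> bool:
    """True only if the sidecar names this exact file and the digest matches.

    The filename check catches a sidecar copied from a different build;
    hmac.compare_digest also rejects digests of unequal length.
    """
    with open(sidecar_path, "r", encoding="utf-8") as f:
        expected, expected_name = parse_sha256_sidecar(f.read())
    if os.path.basename(archive_path) != expected_name:
        return False
    return hmac.compare_digest(sha256_of_file(archive_path), expected)


def demo() -> dict:
    """Constructed sample: genuine sidecar, tampered archive, mismatched sidecar."""
    payload = b"constructed stand-in for the real 2.09 GB archive\n"  # not real data
    name = "sentinel_server-8.0.0.1-3404.x86_64.tar.gz"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        archive = os.path.join(d, name)
        with open(archive, "wb") as f:
            f.write(payload)
        digest = hashlib.sha256(payload).hexdigest()

        # 1. sidecar written for exactly this file: must verify
        good = archive + ".sha256"
        with open(good, "w", encoding="utf-8") as f:
            f.write(f"{digest}  {name}\n")
        results["good"] = verify_download(archive, good)

        # 2. archive altered after the sidecar was produced (first byte flipped)
        with open(archive, "r+b") as f:
            f.write(bytes([payload[0] ^ 0x01]))
        results["tampered"] = verify_download(archive, good)

        # 3. sidecar belonging to the other build pointed at this file
        wrong = os.path.join(d, "other.sha256")
        with open(wrong, "w", encoding="utf-8") as f:
            f.write(f"{digest}  sentinel_opensourcecomponents-8.0.0.1-3404.tar.gz\n")
        results["wrong_name"] = verify_download(archive, wrong)
    return results


if __name__ == "__main__":
    print(demo())
```

Note that a sidecar served from the same host as the archive only detects corruption in transit or on disk; it does not protect against a compromised download server, which would serve a matching sidecar for a tampered archive. For that, a vendor signature over the archive or over the sidecar is required.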


Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability

This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Fatek Automation's PLC WinProladder application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01


OmniMetrix OmniView Vulnerabilities

This advisory contains mitigation details for vulnerabilities in OmniMetrix's OmniView web application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02


Multiple SONY Videoconference Systems do not properly perform authentication

Multiple SONY Videoconference Systems do not properly perform authentication.

http://jvn.jp/en/jp/JVN42070907/


ZDI-16-670: Avira Free Antivirus ssmdrv Kernel Driver Memory Corruption Privilege Escalation Vulnerability

This vulnerability allows attackers to escalate privileges on vulnerable installations of Avira Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

http://www.zerodayinitiative.com/advisories/ZDI-16-670/


ZDI: Autodesk Design Review Remote Code Execution Vulnerabilities

ZDI-16-669: Autodesk Design Review JFIF Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-669/

ZDI-16-668: Autodesk Design Review PNG Use-After-Free Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-668/

ZDI-16-667: Autodesk Design Review BMP Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-667/

ZDI-16-666: Autodesk Design Review FLI Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-666/

ZDI-16-665: Autodesk Design Review GIF LZW Out-Of-Bounds Indexing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-665/

ZDI-16-664: Autodesk Design Review JPEG DHT Out-Of-Bounds Indexing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-16-664/

IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM StoredIQ (CVE-2016-2177, CVE-2016-2178, CVE-2016-2180)

http://www-01.ibm.com/support/docview.wss?uid=swg21994870

IBM Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher affects Communications Server for Data Center Deployment, Communications Server for AIX, Linux, Linux on System z, and Windows (CVE-2016-2183)

http://www.ibm.com/support/docview.wss?uid=swg21995057

IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

http://www-01.ibm.com/support/docview.wss?uid=swg21993842

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2016-3485, CVE-2016-5597)

http://www.ibm.com/support/docview.wss?uid=swg21990635

IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024669