Daily Summary - Friday 29-04-2016

End-of-Shift report

Timeframe: Thursday 28-04-2016 18:00 − Friday 29-04-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

A Dramatic Rise in ATM Skimming Attacks

Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers. The trend appears to be continuing into 2016, with outbreaks of skimming activity visiting a much broader swath of the United States than in years past.

http://krebsonsecurity.com/2016/04/a-dramatic-rise-in-atm-skimming-attacks/


Security: The Internet Minister Has Heartbleed

The website of the Federal Ministry of Transport and Digital Infrastructure (Bundesministerium für Verkehr und digitale Infrastruktur) was vulnerable to a critical security hole that had been closed almost two years earlier. The compromised certificate is still in use. (Heartbleed, encryption)

http://www.golem.de/news/security-der-internetminister-hat-heartbleed-1604-120635-rss.html


Numerous Access Credentials for the Slack Messaging Service Discovered on GitHub

The security firm Detectify found over a thousand Slack access tokens in publicly accessible GitHub repositories.

http://heise.de/-3194000


eBay Phishers Hunt for Victims Using Personal Details

Particularly insidious phishing e-mails in eBay's name are currently circulating. The messages address recipients by their full name and complete postal address.

http://heise.de/-3194026


Got ransomware? These tools may help

Your computer has been infected by ransomware. All those files -- personal documents, images, videos, and audio files -- are locked up and out of your reach. There may be a way to get those files back without paying a ransom. But first a couple of basic questions: Do you have complete backups? If so, recovery is simply a matter of wiping the machine -- bye bye, ransomware! -- reinstalling your applications, and restoring the data files. It's a little stressful, but doable. Are they good...

http://www.cio.com/article/3063048/security/got-ransomware-these-tools-may-help.html#tk.rss_security


Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck. (Fri, Apr 29th)

https://isc.sans.edu/diary.html?storyid=21001
https://blogs.technet.microsoft.com/sysinternals/2016/04/28/update-sysmon-v4-procdump-v8-sigcheck-v2-51


BIND 9.9.9/9.10.4 released

https://lists.isc.org/pipermail/bind-announce/2016-April/000986.html
https://lists.isc.org/pipermail/bind-announce/2016-April/000987.html
https://lists.isc.org/pipermail/bind-announce/2016-April/thread.html


DFN-CERT-2016-0686: Jenkins: Two vulnerabilities allow, among other things, bypassing security measures

https://portal.cert.dfn.de/adv/DFN-CERT-2016-0686/


[HTB23301]: SQL Injection in GLPI

Product: GLPI v0.90.2
Vulnerability Type: SQL Injection [CWE-89]
Risk level: High
Creator: INDEPNET
Advisory Publication: April 8, 2016 [without technical details]
Public Disclosure: April 29, 2016
CVE Reference: Pending
CVSSv2 Base Score: 7.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L]
Vulnerability Details: High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in a popular Information Resource Manager (IRM) system, GLPI. IRM systems are usually used for...

https://www.htbridge.com/advisory/HTB23301


Bugtraq: [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS)

http://www.securityfocus.com/archive/1/538219


Cisco Information Server XML Parser Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis


APPLE-SA-2016-04-28-1 OS X: Flash Player plug-in blocked

Due to security and stability issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 21.0.0.226 and 18.0.0.343. Information on blocked web plug-ins will be posted to: [...]

http://prod.lists.apple.com/archives/security-announce/2016/Apr/msg00000.html


Moxa NPort Device Vulnerabilities (Update B)

This alert update is a follow-up to the NCCIC/ICS-CERT updated alert titled ICS-ALERT-16-099-01A Moxa NPort Device Vulnerabilities, which was published April 20, 2016, on the ICS-CERT web page. ICS-CERT is aware of a public report of vulnerabilities affecting multiple models of the Moxa NPort device. These vulnerabilities were reported by Reid Wightman of Digital Bond Labs, who coordinated with the vendor but not with ICS-CERT.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01


SSA-763427 (Last Update 2016-04-29): Vulnerability in Communication Processor (CP) modules SIMATIC CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf


SSA-921524 (Last Update 2016-04-29): Incorrect Frame Padding in ROS-based Devices

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-921524.pdf


IBM Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time

http://www.ibm.com/support/docview.wss?uid=swg21982198


IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM QuickFile (CVE-2015-2017).

http://www.ibm.com/support/docview.wss?uid=swg21977561


Bugtraq: [SECURITY] [DSA 3561-1] subversion security update

http://www.securityfocus.com/archive/1/538223


WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexadecimal IP addresses

https://wpvulndb.com/vulnerabilities/8473


WordPress <= 4.4.2 - Reflected XSS in Network Settings

https://wpvulndb.com/vulnerabilities/8474


WordPress <= 4.4.2 - Script Compression Option CSRF

https://wpvulndb.com/vulnerabilities/8475