Daily Summary - Friday 27-05-2016

End-of-Shift report

Timeframe: Thursday 26-05-2016 18:00 − Friday 27-05-2016 18:00 Handler: Stephan Richter Co-Handler: Alexander Riepl

VU#482135: MEDHOST Perioperative Information Management System contains hard-coded database credentials

MEDHOST Perioperative Information Management System (PIMS) versions prior to 2015R1 contain hard-coded credentials that are used for customer database access.

http://www.kb.cert.org/vuls/id/482135


Environmental Systems Corporation Data Controllers Vulnerabilities

This advisory contains mitigation details for data controller vulnerabilities in the Environmental Systems Corporation (ESC) 8832 Data Controller.

https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01


Sixnet BT Series Hard-coded Credentials Vulnerability

This advisory contains mitigation details for a hard-coded credential vulnerability in Sixnet's BT series routers.

https://ics-cert.us-cert.gov/advisories/ICSA-16-147-02


Black Box AlertWerks ServSensor Credential Management Vulnerability

This advisory contains mitigation details for a credential management vulnerability in Black Box's AlertWerks ServSensor devices.

https://ics-cert.us-cert.gov/advisories/ICSA-16-147-03


Bugtraq: ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

http://www.securityfocus.com/archive/1/538499


Up to a dozen banks are reportedly investigating potential SWIFT breaches

More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh ..

http://www.cio.com/article/3075448/up-to-a-dozen-banks-are-reportedly-investigating-potential-swift-breaches.html


Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc


Security Advisory: NTP vulnerability CVE-2016-2519

https://support.f5.com:443/kb/en-us/solutions/public/k/41/sol41613034.html


Security Advisory: NTP vulnerability CVE-2016-2517

https://support.f5.com:443/kb/en-us/solutions/public/k/61/sol61200338.html


Multiple Buffalo wireless LAN routers vulnerable to information disclosure

http://jvn.jp/en/jp/JVN75813272/


Multiple Buffalo wireless LAN routers vulnerable to directory traversal

http://jvn.jp/en/jp/JVN81698369/


Link (.lnk) to Ransom

We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate ..

https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/


Spoofer

Seeking to minimize the Internet's susceptibility to spoofed DDoS attacks, we are developing and supporting open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices. This ..

http://www.caida.org/projects/spoofer/


Security Advisory - Apache Struts2 Remote Code Execution Vulnerability in Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160527-01-struts2-en


Path Traversal in extension "Media management" (media)

https://typo3.org/news/article/path-traversal-in-extension-media-management-media/


Cross-Site Scripting in extension "Formhandler" (formhandler)

https://typo3.org/news/article/cross-site-scripting-in-extension-formhandler-formhandler/


Global companies aren't quick to patch 'high' severity flaw in OpenSSL

Yet another Padding Oracle flaw (CVE-2016-2107), allowing decrypting TLS traffic in a MITM attack, remains exploitable on the most popular web and email servers.

https://www.htbridge.com/blog/CVE-2016-2107-padding-oracle-exploit.html


TLS certificates: Google further tightens the screws on CAs

Starting in June, all Symantec CAs must log their activities via Certificate Transparency. Otherwise the certificate holders will be penalized. This could affect other CAs as well.

http://heise.de/-3215053


Cisco Firepower Management Center Web Interface Code Injection Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc


Android Banking Trojan 'SpyLocker' Targets More Banks in Europe

Since the discovery of the Android banking Trojan SpyLocker, Intel Security has closely monitored this threat. SpyLocker first appeared disguised as Adobe Flash Player and targeted customers of banks in Australia, New Zealand, and ..

https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-spylocker-targets-more-banks-in-europe/