End-of-Shift report
Timeframe: Wednesday 08-06-2016 18:00 - Thursday 09-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
AVM warns of telephone fraud on routers with older firmware
Fritzboxes with "rare configurations" and older firmware could currently fall victim to attackers aiming at telephone fraud. AVM advises installing updates.
http://heise.de/-3232343
Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable
D-Link's DCS-930L Wi-Fi camera has a stack overflow vulnerability that can be remotely exploited.
http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitable/118549/
Skype being used to distribute malware
Skype is being used to distribute QRAT malware to unsuspecting travelers looking for help filling out U.S. travel documents.
http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/501869/
Searching for malspam, (Thu, Jun 9th)
Introduction: About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I haven't found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex...
https://isc.sans.edu/diary.html?storyid=21145&rss
Security: Locky and Dridex botnet has vanished without a trace
Security researchers have observed a massive decline in infections by the well-known malware families Dridex and Locky. The cause appears to be problems with the distributing botnet. For Locky there is no new infrastructure. What happens to the victims is currently an open question.
http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rss.html
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
Advisory ID: DRUPAL-SA-CONTRIB-2016-033
Project: REST/JSON (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 19/25 (Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities
Description: This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including:
Node access bypass
Comment access bypass
User enumeration
Field access bypass
User registration...
https://www.drupal.org/node/2744889
Citrix XenServer Security Update for CVE-2016-5302
A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host.
https://support.citrix.com/article/CTX213549
Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/538634
Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability
http://www.securityfocus.com/archive/1/538635
Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?ref=rss
Security Advisory: PHP vulnerability CVE-2016-4070
https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?ref=rss
SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf
SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf
SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf
Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery
http://www.securityfocus.com/archive/1/538630
Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands
http://www.securityfocus.com/archive/1/538629
Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/538633
Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/538632
Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet
Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic
Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino
http://www.ibm.com/support/docview.wss?uid=swg21984678
IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows (CVE-2016-2542, CVE-2016-4560)
http://www-01.ibm.com/support/docview.wss?uid=swg21984231
IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542)
http://www.ibm.com/support/docview.wss?uid=swg21981968
IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267)
http://www.ibm.com/support/docview.wss?uid=swg2C1000151
IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702)
http://www.ibm.com/support/docview.wss?uid=swg21981021
IBM Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)
http://www-01.ibm.com/support/docview.wss?uid=swg21983514
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
http://www.ibm.com/support/docview.wss?uid=swg21984424
IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)
http://www.ibm.com/support/docview.wss?uid=swg21984436