Daily summary - Thursday 9-06-2016

End-of-Shift report

Timeframe: Wednesday 08-06-2016 18:00 - Thursday 09-06-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a

AVM warns of telephone abuse on routers with older firmware

Fritzboxes with "rare configurations" and older firmware could currently fall victim to attackers aiming at telephone fraud. AVM advises installing updates.

http://heise.de/-3232343


Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable

D-Link's DCS930L Wi-Fi camera is affected by a stack overflow vulnerability that can be exploited remotely.

http://threatpost.com/unpatched-d-link-wi-fi-camera-flaw-remotely-exploitable/118549/


Skype being used to distribute malware

Skype is being used to distribute QRAT malware to unsuspecting travelers looking for help with filling out U.S. travel documents.

http://www.scmagazine.com/skype-being-used-to-distribute-malware/article/501869/


Searching for malspam, (Thu, Jun 9th)

Introduction: About a week ago, I stopped seeing the daily deluge of malicious spam (malspam) distributing Dridex banking trojans or Locky ransomware. Before this month, I generally noticed multiple waves of Dridex/Locky malspam almost every day. This malspam contains attachments with zipped .js files or Microsoft Office documents designed to download and install the malware. I haven't found much discussion about the current absence of Dridex/Locky malspam. Since the actor(s) behind Dridex...

https://isc.sans.edu/diary.html?storyid=21145&rss


Security: Locky and Dridex botnet has vanished without a trace

Security researchers have observed a massive decline in infections by the well-known malware families Dridex and Locky. The cause is apparently problems with the botnet that distributes them. There is no new infrastructure for Locky. What happens to the victims is currently unclear.

http://www.golem.de/news/security-wo-ist-nur-das-botnetz-hin-1606-121396-rss.html


REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

Advisory ID: DRUPAL-SA-CONTRIB-2016-033
Project: REST/JSON (third-party module)
Version: 7.x
Date: 2016-June-08
Security risk: 19/25 (Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities

Description: This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including: Node access bypass, Comment access bypass, User enumeration, Field access bypass, User registration...

https://www.drupal.org/node/2744889


Citrix XenServer Security Update for CVE-2016-5302

A security vulnerability has been identified in XenServer 7.0 that may allow an attacker on the management network who is in possession of Active Directory credentials for an AD account that is not authorised to manage a XenServer host to compromise that host.

https://support.citrix.com/article/CTX213549


Bugtraq: ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability

http://www.securityfocus.com/archive/1/538634


Bugtraq: ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability

http://www.securityfocus.com/archive/1/538635


Security Advisory: Custom monitor privilege escalation vulnerability CVE-2016-5020

https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00265182.html?ref=rss


Security Advisory: PHP vulnerability CVE-2016-4070

https://support.f5.com:443/kb/en-us/solutions/public/k/42/sol42065024.html?ref=rss


SSA-526760 (Last Update 2016-06-08): Weak Credentials Protection in SIMATIC WinCC flexible

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf


SSA-818183 (Last Update 2016-06-08): Denial-of-Service Vulnerability in S7-300 CPU

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf


SSA-301706 (Last Update 2016-06-08): GNU C Library Vulnerability in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf


Bugtraq: [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery

http://www.securityfocus.com/archive/1/538630


Bugtraq: [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands

http://www.securityfocus.com/archive/1/538629


Bugtraq: [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities

http://www.securityfocus.com/archive/1/538633


Bugtraq: [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities

http://www.securityfocus.com/archive/1/538632


Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet


Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic


Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp


IBM Security Bulletins

IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino

http://www.ibm.com/support/docview.wss?uid=swg21984678

IBM Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows (CVE-2016-2542, CVE-2016-4560)

http://www-01.ibm.com/support/docview.wss?uid=swg21984231

IBM Security Bulletin: IBM Client Application Access InstallShield vulnerable to DLL planting (CVE-2016-2542)

http://www.ibm.com/support/docview.wss?uid=swg21981968

IBM Security Bulletin: Secure Properties in IBM UrbanCode Deploy Vulnerable (CVE-2016-0267)

http://www.ibm.com/support/docview.wss?uid=swg2C1000151

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience (CVE-2015-1794, CVE-2015-3194, CVE-2016-0702)

http://www.ibm.com/support/docview.wss?uid=swg21981021

IBM Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM SDK for Node.js in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)

http://www-01.ibm.com/support/docview.wss?uid=swg21983514

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

http://www.ibm.com/support/docview.wss?uid=swg21984424

IBM Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)

http://www.ibm.com/support/docview.wss?uid=swg21984436