Daily summary - Wednesday 13-07-2016

End-of-Shift report

Timeframe: Tuesday 12-07-2016 18:00 − Wednesday 13-07-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a

VU#123799: libbpg contains a type confusion vulnerability that leads to out of bounds write

Vulnerability Note VU#123799: libbpg contains a type confusion vulnerability that leads to out of bounds write. Original Release date: 12 Jul 2016 | Last revised: 12 Jul 2016. Overview: libbpg is a library for the BPG graphics format. libbpg 0.9.5 through 0.9.7 may allow a crafted file to write out-of-bounds, which may lead to denial of service or arbitrary code execution. Description: CWE-787: Out-of-bounds Write - CVE-2016-5637. According to the reporter, improper checking of...

http://www.kb.cert.org/vuls/id/123799


MSRT July 2016 - Cerber ransomware

As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows Defender, and our ransomware-dedicated cloud protection features. We started seeing Cerber in February...

https://blogs.technet.microsoft.com/mmpc/2016/07/12/msrt-july-2016-cerber-ransomware/


Tollgrade Smart Grid EMS LightHouse Vulnerabilities

This advisory contains mitigation details for vulnerabilities in Tollgrade Communications, Inc.'s Smart Grid LightHouse Sensor Management System Software EMS.

https://ics-cert.us-cert.gov/advisories/ICSA-16-194-01


GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability

This advisory contains mitigation details for an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02


Hunting for Malicious Files with MISP + OSSEC, (Tue, Jul 12th)

A few months ago, I wrote a diary called Unity Makes Strength which was illustrated with an example of integration between a malware analysis solution and a next-generation firewall. The goal is to increase the ability to block malicious traffic as soon as possible. Today, I'd like to explain how to improve the detection of malware on Windows computers thanks to the integration of MISP and OSSEC. I already presented the Malware Information Sharing Platform in another diary. About OSSEC, in a few...

https://isc.sans.edu/diary.html?storyid=21251&rss


Patch day: Microsoft closes holes in Windows, Office and SecureBoot

Microsoft has released eleven security updates for its products. Most of them are marked as critical and allow attackers from the network to execute malicious code of their choosing.

http://heise.de/-3265524


Securing Smart Cars - Join ENISA study and workshop

ENISA is currently performing a study on cyber security measures for smart cars and earlier this year launched the ENISA CaRSEC (Cars and Roads SECurity) expert group.

https://www.enisa.europa.eu/news/enisa-news/securing-smart-cars-join-enisa-study-and-workshop


Security Advisory - Input Validation Vulnerability in Huawei Routers

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160713-01-router-en


Security Advisory - Input Validation Vulnerability in WiFi Driver of Huawei Smart Phone

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160713-01-smartphone-en


Security Advisory - Input Validation Vulnerability in Multiple Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160713-01-multicast-ldp-fec-stack-en


Drupal: Patch released today to fix a highly critical RCE in contributed modules, (Wed, Jul 13th)

Drupal announced that they will release today (Wed July 13th 2016 16:00 UTC) a patch that will fix highly critical remote code execution vulnerabilities in contributed modules. Drupal core is not affected. The vulnerability is a PHP Arbitrary Code Execution and is rated up to 22/25 (based on the risk calculation model used by Drupal - details here). The vulnerable modules are used on between 1.000 and 10.000 instances. If you maintain one or more Drupal websites, review the list of affected...

https://isc.sans.edu/diary.html?storyid=21255&rss


IBM Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)

IBM Personal Communications is susceptible to an unauthorized access vulnerability when running on a compromised system (by the victim opening a mail with a malicious attachment or visiting a malicious website). Malware could run with user privileges but would not necessarily have access to the password. An attacker could retrieve user credentials by running a PowerShell script and...

http://www-01.ibm.com/support/docview.wss?uid=swg21981692


Using the Java Security Manager in Enterprise Application Platform 7

JBoss Enterprise Application Platform 7 allows the definition of Java Security Policies per application. The way it's implemented means that we'll also be able to define security policies per module, in addition to defining one per application. The ability to apply the Java Security Manager per application, or per module in EAP 7, makes it a versatile tool in the mitigation of serious security issues, or useful for applications with strict security requirements. The main difference between EAP 6,...

https://access.redhat.com/blogs/766093/posts/2276521