End-of-Shift report
Timeframe: Donnerstag 18-08-2016 18:00 − Freitag 19-08-2016 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
18 Jahre lang vorhersehbare Zufallszahlen bei GnuPG
Lange Zeit schlummerte eine Sicherheitslücke in Libgcrypt, der Krypto-Bibliothek des GnuPG-Projektes. Glücklicherweise scheint es so, als ob Nutzern ein großflächiger Austausch von PGP-Schlüsseln erspart bleiben wird.
http://heise.de/-3300159
Neues von Locky: Der Erpressungstrojaner greift jetzt massenhaft Krankenhäuser an
Die Drahtzieher hinter Locky verlegen sich von X-beliebigen Internetnutzern auf Firmen. Vor allem Krankenhäuser haben sich als lukratives Ziel erwiesen.
http://heise.de/-3300555
Doctor Web discovers self-spreading Linux Trojan that can create P2P botnets
August 19, 2016 The Linux operating system remains a major target for virus makers. Doctor Web's security researchers have examined yet another Trojan for Linux written in the Go programming language. This malware program attacks web servers that use various CMS, performs DDoS attacks, sends out spam messages, and distributes itself over networks. The new Trojan, named Linux.Rex.1, was first spotted by Kernelmode forum users who referred to this malware as "Drupal ransomware"...
http://news.drweb.com/show/?i=10157&lng=en&c=9
Erpressungs-Trojaner Cerber rüstet sich gegen Entschlüsselungs-Tools
Check Points und Trend Micros kostenlose Dechiffrierungs-Tools können Daten nicht mehr aus den Fängen der aktuellen Version des Verschlüsselungs-Trojaners Cerber befreien.
http://heise.de/-3300589
Schwerwiegende Lücke im Teamspeak-Server offengelegt
Angreifer können über die aktuelle Version des Teamspeak-Servers Schadcode einschleusen und auf dem Server ausführen. Da der Sicherheitsforscher, der die Lücke entdeckte, die Entwickler nicht vorher informiert hat, gibt es momentan keinen Patch.
http://heise.de/-3300608
Pixpocket: So hätte die NSA VPNs ausspionieren können
Der Shadow-Brokers-Datensatz liefert möglicherweise Informationen darüber, wie die NSA in der Lage war, VPN-Verbindungen abzuhören. Die Schwachstelle hat Ähnlichkeiten mit Heartbleed.
http://www.golem.de/news/pixpocket-so-haette-die-nsa-vpns-ausspionieren-koennen-1608-122807-rss.html
DFN-CERT-2016-1359: PHP: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1359/
Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client
http://www.securityfocus.com/archive/1/539269
Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability
A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device.The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr
Navis WebAccess SQL Injection Vulnerability
NCCIC/ICS-CERT is aware of a public report of an SQL Injection vulnerability with proof-of-concept (PoC) exploit code affecting Navis WebAccess application. This report was released by "bRpsd" without coordination with either the vendor or ICS-CERT. ICS-CERT has reached out to the affected vendor to validate the report. ICS-CERT is issuing this alert to provide notice of the report and to identify baseline mitigations for reducing risks to this and other cybersecurity attacks.
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01
IBM Security Bulletin: IBM Connections Security Update
IBM Connections Security Update for multiple CVEs. There are multiple vulnerabilities in IBM Connections, see details below for remediation information. CVE(s): CVE-2016-2995, CVE-2016-2997, CVE-2016-2998, CVE-2016-3005, CVE-2016-3010 Affected product(s) and affected version(s): The following versions of IBM Connections are impacted: IBM Connections 5.5 IBM Connections 5.0 IBM Connections 4.5 IBM Connections 4.0 Refer to the following...
http://www.ibm.com/support/docview.wss?uid=swg21988991
IBM Security Bulletin: The IBM BigFix Platform has a Cross-Site Scripting vulnerability (CVE-2016-0293 )
A .beswrpt can be injected/modified to contain malicious JavaScript CVE(s): CVE-2016-0293 Affected product(s) and affected version(s): 9.0, 9.1, 9.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21985743X-Force Database:...
http://www.ibm.com/support/docview.wss?uid=swg21985743