Daily Summary - Friday 16-09-2016

End-of-Shift report

Timeframe: Thursday 15-09-2016 18:00 − Friday 16-09-2016 18:00 Handler: Alexander Riepl Co-Handler: n/a

DSA-3668 mailman - security update

It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user's password.

https://www.debian.org/security/2016/dsa-3668


Yokogawa STARDOM Authentication Bypass Vulnerability

This advisory contains mitigation details for an authentication bypass vulnerability in the Yokogawa STARDOM controller.

https://ics-cert.us-cert.gov/advisories/ICSA-16-259-01


ABB DataManagerPro Credential Management Vulnerability

This advisory contains mitigation details for a credential management vulnerability in ABB’s DataManagerPro application.

https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02


Trane Tracer SC Sensitive Information Exposure Vulnerability

This advisory contains mitigation details for an information exposure vulnerability in Trane U.S. Inc.’s Tracer SC field panel.

https://ics-cert.us-cert.gov/advisories/ICSA-16-259-03


Attack Leverages Windows Safe Mode

Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network.

http://threatpost.com/attack-leverages-windows-safe-mode/120622/


Ransomware Getting More Targeted, Expensive

I shared a meal not long ago with a source who works at a financial services company. The subject of ransomware came up and he told me that a server in his ..

http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive/


DSA-3670 tomcat8 - security update

Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.

https://www.debian.org/security/2016/dsa-3670


DSA-3669 tomcat7 - security update

Dawid Golunski of LegalHackers discovered that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.

https://www.debian.org/security/2016/dsa-3669


Necurs – the Heavyweight Malware Spammer

Today we want to dwell upon a pesky botnet that goes by the name of Necurs, and in particular its spamming activities. The botnet has been responsible for a massive ..

http://trustwave.com/Resources/SpiderLabs-Blog/Necurs-%e2%80%93-the-Heavyweight-Malware-Spammer/


Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets.

http://jvn.jp/en/jp/JVN98126322/


Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting

Splunk Enterprise and Splunk Lite contain a cross-site scripting vulnerability. Note that this vulnerability is different from JVN#74244518.

http://jvn.jp/en/jp/JVN71462075/


Detecting dangerous content more effectively: Google expands website scan

Webmasters can now have their sites scanned even more thoroughly for, among other things, malware references and dangerous downloads.

http://heise.de/-3325042


First security vulnerabilities discovered in the crypto messenger Signal

A programming error in Signal allows file attachments to be manipulated. Through a second one, attackers could have injected malicious code remotely, had a third bug not prevented this attack.

http://heise.de/-3325242


Extortion trojan: Stampado encrypts files encrypted by ransomware

A new extortion trojan has a particularly nasty tactic: it encrypts files that have already been encrypted by other ransomware. Fortunately, there is a remedy.

http://www.golem.de/news/erpressungstrojaner-stampado-verschluesselt-von-ransomware-verschluesselte-dateien-1609-123296.html