End-of-Shift report
Timeframe: Thursday 22-09-2016 18:00 − Friday 23-09-2016 18:00
Handler: Stephan Richter
Co-Handler: n/a
The era of big DDOS?, (Thu, Sep 22nd)
I have been tracking DDOSs for a number of years, and quite frankly, it has become boring. Don't get me wrong, I am not complaining, just stating a fact. A number of factors seem to have contributed to its fall from mainstream consciousness: somewhat better filtering practices, more awareness of timely patching, and probably the most significant being that the novelty has worn off. Occasionally I will still see a multi-Gbps DDOS, but mostly it has been relegated to booter traffic which is not even a...
https://isc.sans.edu/diary.html?storyid=21511&rss
LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD
LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. Full details are in the LGPO.pdf in the download. For more...
https://blogs.technet.microsoft.com/secguide/2016/09/23/lgpo-exe-v2-0-pre-release-support-for-mlgpo-and-reg_qword/
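The announcement above only names the tool. The following is an added example, not code from the Microsoft post or from the LGPO download, showing the baseline LGPO.exe workflow that v1.0 already supports: back up the local GPO, dump its machine-side registry.pol to LGPO text, apply a change written in that text format, and verify the result. It assumes LGPO.exe sits in the current directory, the session is elevated, and the backup folder path is a placeholder you pick; the policy setting used is a constructed illustration. The MLGPO and REG_QWORD switches that v2.0 introduces are described in the LGPO.pdf that ships with the download and are not used here.

```powershell
# Added example (not from the Microsoft post or the LGPO download).
# Assumes: .\LGPO.exe is present, the shell is elevated, and C:\Temp\LGPO-backup
# is a writable scratch folder. The v2.0 MLGPO / REG_QWORD switches are not used.

$lgpo      = ".\LGPO.exe"
$backupDir = "C:\Temp\LGPO-backup"
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

# 1. Back up the current local GPO before changing anything.
#    /b writes a GPO-backup folder structure that /g can re-import later.
& $lgpo /b $backupDir /n "Pre-change baseline"

# 2. Locate the machine-side registry.pol inside that backup and render it as
#    LGPO text so the current settings are readable and diffable.
$pol = Get-ChildItem -Path $backupDir -Recurse -Filter registry.pol |
       Where-Object { $_.FullName -match '\\Machine\\' } |
       Select-Object -First 1
& $lgpo /parse /m $pol.FullName | Out-File -FilePath "$backupDir\machine-before.txt"

# 3. Author a change in LGPO text format: scope line ("Computer" or "User"),
#    registry key path, value name, then TYPE:data. Lines starting with ';' are comments.
#    The setting below (SmartScreen policy value) is a constructed example.
@"
; Constructed example policy, not taken from the original page
Computer
Software\Policies\Microsoft\Windows\System
EnableSmartScreen
DWORD:1
"@ | Set-Content -Path "$backupDir\change.txt" -Encoding ASCII

# 4. Apply the text file (verbose), then refresh policy so the value is enforced.
& $lgpo /t "$backupDir\change.txt" /v
gpupdate /force

# 5. Verify the value landed in the policy hive.
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\System" -Name EnableSmartScreen
```

Keeping the backup from step 1 matters: if the applied text file misconfigures something, `LGPO.exe /g <backup folder>` restores the previous local GPO, which is the only rollback path for a machine that is not domain-joined.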
Fake parcel tracking notifications from the Post
Internet users are receiving a supposed parcel tracking notification from the Österreichische Post. It claims that the company has received a package back. To get it delivered, recipients are told to open a link and run a file. The file contains malware; anyone who opens it suffers data loss.
https://www.watchlist-internet.at/gefaelschte-rechnungen/gefaelschte-sendungsverfolgungen-der-post/
After DDoS attacks: Akamai takes security researcher Krebs offline
After exposing an Israeli DDoS service provider, security expert Krebs has himself become the victim of an unusual attack. His website has been taken offline.
http://www.golem.de/news/nach-ddos-attacken-akamai-nimmt-sicherheitsforscher-krebs-vom-netz-1609-123419-rss.html
A week to go for the European Cyber Security Month launch!
ENISA together with the European Commission, the European Banking Federation (EBF), Europol's European Cybercrime Centre (EC3), and its partners, are getting ready for the launch event of the European Cyber Security Month (ECSM), the EU advocacy campaign on cybersecurity which runs throughout October.
https://www.enisa.europa.eu/news/enisa-news/a-week-to-go-for-the-european-cyber-security-month-launch-1
Security Update for Microsoft Office (3185852)
V2.0 (September 22, 2016): Bulletin revised to announce the availability of the 14.6.8 update for Microsoft Office for Mac 2011 (3186805) and the 15.25 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin.
https://technet.microsoft.com/en-us/library/security/MS16-107
Cisco Email Security Appliance Internal Testing Interface Vulnerability
A vulnerability in Cisco IronPort AsyncOS for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to obtain complete control of an affected device. The vulnerability is due to the presence of a Cisco internal testing and debugging interface (intended for use during product manufacturing only) on customer-available software releases. An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an...
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa
IDM 4.5 Notes Driver Version 4.0.1.0
Abstract: This patch is for the Identity Manager Notes Driver. It can be installed on IDM 4.5. This patch will take the version of the Notes Driver to version 4.0.1.0.
Document ID: 5255110
Security Alert: Yes
Distribution Type: Field Test File
Entitlement Required: No
Files: IDM45_Notes_4010.zip (1.12 MB)
Products: Identity Manager 4.5
Superseded Patches: IDM 4.5 Notes Driver Version 4.0.0.4
https://download.novell.com/Download?buildid=aLUafJcAJps~
DSA-3674 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser: multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure.
https://www.debian.org/security/2016/dsa-3674
Microsoft Internet Explorer 11 CORS Disrespect
Topic: Microsoft Internet Explorer 11 CORS Disrespect Risk: Low Text: IE11 is not following the CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this i...
https://cxsecurity.com/issue/WLB-2016090165
LibreSSL: A vulnerability allows security mechanisms to be bypassed
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1560/
IBM Security Bulletins
IBM Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983).
http://www-01.ibm.com/support/docview.wss?uid=swg21990060
IBM Security Bulletin: Security vulnerability has been identified in IBM WebSphere Portal (CVE-2016-5954)
http://www-01.ibm.com/support/docview.wss?uid=swg21989993
IBM Security Bulletin: IBM DB2 LUW on AIX and Linux Affected by Multiple Vulnerabilities in GPFS (CVE-2016-2984, CVE-2016-2985).
http://www-01.ibm.com/support/docview.wss?uid=swg21989842
IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4483)
http://www-01.ibm.com/support/docview.wss?uid=swg21990364
IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Algo Credit Manager (CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21988586
IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Administrator (CVE-2016-3092)
http://www.ibm.com/support/docview.wss?uid=swg21988585
IBM Security Bulletin: Vulnerability in Apache Struts affects FileNet Content Manager and IBM Content Foundation (CVE-2016-1181, CVE-2016-1182)
http://www.ibm.com/support/docview.wss?uid=swg21987189
IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449)
http://www-01.ibm.com/support/docview.wss?uid=swg21986710
IBM Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009280
IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-0377)
http://www-01.ibm.com/support/docview.wss?uid=swg21990525
IBM Security Bulletin: Vulnerability in Tivoli LWI impacts pConsole and WebSM for AIX (CVE-2016-6038)
http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-2985 and CVE-2016-2984)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024336
IBM Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix
http://www.ibm.com/support/docview.wss?uid=swg21990527
IBM Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472, CVE-2015-7981, CVE-2015-8126)
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099471