Daily Summary - Wednesday 28-09-2016

End-of-Shift report

Timeframe: Tuesday 27-09-2016 18:00 − Wednesday 28-09-2016 18:00 Handler: Robert Waldner Co-Handler: n/a

Warning about invoices from "Austria Domain Hosting"

Numerous Internet users are currently receiving supposed invoices from "Austria Domain Hosting" by e-mail. The amount demanded is 179.40 euros for a domain registration that was never ordered. In reality, this is an attempted fraud!

https://www.watchlist-internet.at/gefaelschte-rechnungen/warnung-vor-rechnungen-der-austria-domain-hosting-1/


Privacy regulators uncover serious shortcomings in the Internet of Things

The Global Privacy Network (GPEN) examined 314 connected devices, from fitness trackers to blood glucose meters to smart TVs, and found major gaps in data protection. Even sensitive information is reportedly hardly ever encrypted.

http://www.heise.de/newsticker/meldung/Datenschuetzer-decken-schwere-Maengel-im-Internet-der-Dinge-auf-3334561.html


Back in Time Memory Forensics, (Tue, Sep 27th)

You might get into a case where you have only the disk image without the memory image. Or you may have the memory image but wish you had something from further back in time. With the hibernation file (hiberfil.sys), the page file and a crash dump, that might be possible. And if you are lucky enough, you might be able to recover them from a volume shadow copy, which is enabled by default in most modern Windows operating systems.

https://isc.sans.edu/diary.html?storyid=21527&rss


Bugtraq: ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability

http://www.securityfocus.com/archive/1/539492


Vuln: libgd gd_webp.c Integer Overflow Vulnerability

http://www.securityfocus.com/bid/93184


Security Advisory: BIND vulnerability CVE-2016-2776

https://support.f5.com:443/kb/en-us/solutions/public/k/18/sol18829561.html?ref=rss


Vuln: Symantec Messaging Gateway CVE-2016-5312 Directory Traversal Vulnerability

http://www.securityfocus.com/bid/93148


Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as "Critical Severity", one as "Moderate Severity", and the other 12 as "Low Severity". Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl


Vuln: Apache Axis2 Document Type Declaration Processing Security Vulnerability

http://www.securityfocus.com/bid/40976


Vuln: Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/91501


BIND Bug in buffer.c Constructing Query Responses Lets Remote Users Cause the Target Service to Crash

http://www.securitytracker.com/id/1036903


Security Advisory: libssh vulnerability CVE-2016-0739

https://support.f5.com:443/kb/en-us/solutions/public/k/57/sol57255643.html?ref=rss


Security Advisory: TMM SSL/TLS virtual server vulnerability CVE-2016-6907

https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39508724.html?ref=rss


EMC ViPR SRM Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1036904


Security Advisory - Path Traversal Vulnerability in Multiple Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160928-01-pathtraversal-en


SSA-378531 (Last Update 2016-09-27): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf


TP-Link Archer CR-700 Cross Site Scripting

On running the command above, it sends a DHCP request to the router. In the DHCP request, the host name is sent, which we have forcibly set to an XSS script <script>alert(5)</script>

https://cxsecurity.com/issue/WLB-2016090203


Bugtraq: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)

http://www.securityfocus.com/archive/1/539502


ICS-CERT releases new tools for securing industrial control systems

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies. While the former has received many updates through the years (this newer version is v8.0), the whitepaper is a 'modernized' version of a document ..

https://www.helpnetsecurity.com/2016/09/28/tools-securing-industrial-control-systems/


IBM Security Bulletins

IBM Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-3485)

http://www.ibm.com/support/docview.wss?uid=swg21990448

IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2016-3574, CVE-2016-3575, etc)

http://www.ibm.com/support/docview.wss?uid=swg21988718

IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM WebSphere Dashboard Framework (CVE-2016-3092)

http://www-01.ibm.com/support/docview.wss?uid=swg21990386

IBM Security Bulletin: Security Vulnerability in Apache Commons FileUpload affects IBM Web Experience Factory (CVE-2016-3092)

http://www-01.ibm.com/support/docview.wss?uid=swg21990394

IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo Credit Limits (CVE-2016-3092)

http://www.ibm.com/support/docview.wss?uid=swg21988584

IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational BuildForge (CVE-2016-2107, CVE-2016-2176)

http://www.ibm.com/support/docview.wss?uid=swg21988081

IBM Security Bulletin: Vulnerability in sblim-sfcb affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-5185)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099487

IBM Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module (IMM) for System x & BladeCenter (CVE-2015-8710)

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099488