End-of-Shift report
Timeframe: Thursday 05-01-2017 18:00 − Monday 09-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-01)
A prenotification Security Advisory (APSB17-01) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, January 10, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the...
https://blogs.adobe.com/psirt/?p=1434
Great Misadventures of Security Vendors: Absurd Sandboxing Edition, (Fri, Jan 6th)
Like many security researchers, I employ a variety of OPSEC techniques to help detect if I have been targeted by something for whatever reason. One of those techniques I use in Virustotal is basically a vanity Yara rule that looks for a variety of strings that would indicate malware was specifically targeting me or some data was uploaded that references me. Virustotal Intelligence is a useful tool for doing that and many researchers have paid for access which allows you to also download samples...
https://isc.sans.edu/diary.html?storyid=21895&rss
Using Security Tools to Compromize a Network, (Sat, Jan 7th)
One of our daily tasks is to assess and improve the security of our customers or colleagues. To achieve this, we use security tools (linked to processes). With the time, we are all building our personal toolbox with our favourite tools. Yesterday, I read an interesting blog article about extracting saved credentials from a compromised Nessus system[1]. This is indeed a nice target for the bad guy! Why? Such security tools deployed inside a network have interesting characteristics: They have...
https://isc.sans.edu/diary.html?storyid=21903&rss
Ransomware recently attacked more than 10,000 databases
Vulnerabilities in MongoDB exploited, security researchers speak of a wave of attacks
http://derstandard.at/2000050382671
Security updates: LibVNCServer hardened against memory errors
The library has not received any updates for over two years. Now the developers are closing two vulnerabilities.
https://heise.de/-3591417
11 Steps to Improve Your Public Wi-Fi Security [Updated]
A day without Wi-Fi is a day not fully lived. We're (somewhat) exaggerating, but it's fair to say Wi-Fi has become a staple of the modern life.
https://heimdalsecurity.com/blog/11-security-steps-public-wi-fi-networks/
SWIFT speaks on fraudulent messages and the security moves the cooperative is making to assist its customers
The February 2016 attack on Bangladesh Bank which involved the sending of fraudulent SWIFT messages from the bank's environment, was followed by a number of other attacks on banks using the SWIFT network. The criminal hackers' intention is to compromise the banks' environments in order to gain their SWIFT credentials, send fraudulent messages and route payments to themselves. Since that time, the SWIFT cooperative has instituted measures ultimately designed to help their...
http://www.cio.com/article/3155253/security/swift-speaks-on-fraudulent-messages-and-the-security-moves-the-cooperative-is-making-to-assist-its.html#tk.rss_security
FTC Takes D-Link to Court Because of Insecure Routers and Cameras
The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported. [...]
https://www.bleepingcomputer.com/news/security/ftc-takes-d-link-to-court-because-of-insecure-routers-and-cameras/
WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). [...]
https://www.bleepingcomputer.com/news/security/wordpress-joomla-and-magento-continue-to-be-the-most-hacked-cmss/
DFN-CERT-2017-0027: OpenSSL: A vulnerability allows information disclosure
A vulnerability in OpenSSL and its derivatives such as LibreSSL and BoringSSL allows a local, unauthenticated attacker to obtain private key material.
The OpenSSL developers have not yet provided security updates.
OpenBSD provides source code patches for OpenBSD versions 5.9 and 6.0 as security updates.
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0027/
NETGEAR ProSAFE Firewall Bug Lets Remote Users Traverse the Directory to View Files on the Target System
http://www.securitytracker.com/id/1037548
IBM Security Bulletins
IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available
http://www-01.ibm.com/support/docview.wss?uid=swg21996761
IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime and Apache Tomcat affects IBM RLKS Administration and Reporting Tool Admin (CVE-2016-5597, CVE-2016-3092)
http://www-01.ibm.com/support/docview.wss?uid=swg21995448
IBM Security Bulletin: Vulnerability in OpenSSL affect IBM Storwize V7000 Unified
http://www.ibm.com/support/docview.wss?uid=ssg1S1009699
IBM Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000)
http://www-01.ibm.com/support/docview.wss?uid=swg21995257
IBM Security Bulletin: IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability (CVE-2016-8999)
http://www-01.ibm.com/support/docview.wss?uid=swg21995155
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2016-5597)
http://www.ibm.com/support/docview.wss?uid=swg21995687
IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor
http://www-01.ibm.com/support/docview.wss?uid=swg21995758
IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
http://www-01.ibm.com/support/docview.wss?uid=swg21995691
IBM Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329)
http://www.ibm.com/support/docview.wss?uid=swg21993665
IBM Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)
http://www.ibm.com/support/docview.wss?uid=isg3T1024708