End-of-Shift report
Timeframe: Monday 09-01-2017 18:00 to Tuesday 10-01-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Adobe Security Bulletins posted
Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
https://blogs.adobe.com/psirt/?p=1438
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Puzzling network activity involving GRE packets
Attentive admins are currently seeing an increase in seemingly pointless GRE packets on their VPN gateways and firewalls. The cause is so far unclear.
https://heise.de/-3592231
Krebs's Immutable Truths About Data Breaches
I've had several requests for a fresh blog post to excerpt something that got crammed into the corner of a lengthy story published here Sunday: A list of immutable truths about data breaches, cybersecurity and the consequences of inaction.
https://krebsonsecurity.com/2017/01/krebss-immutable-truths-about-data-breaches/
Terror Exploit Kit? More like Error Exploit Kit
Q: What does it take to create a simple, yet fully functioning exploit kit? A: Just a little bit of determination. A few weeks ago a website popped up on our radar: www[.]***empowernetwork[.]com This web site, like many others in...
http://trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-like-Error-Exploit-Kit/
Over 1,000 German online shops infected and tapped
At over a thousand German online shops, criminals are right now siphoning off customer data and payment information, in some cases for months already. According to the BSI, many shop operators are ignoring the problem.
https://heise.de/-3592281
Data theft at ATMs on the rise, losses falling
Data thieves have again struck more frequently at ATMs in Germany. Despite modern technology, skimming still causes losses in the millions. Elsewhere, however, bank customers are at even greater risk.
https://heise.de/-3592571
A Review of Cryptography - Part 1
Overview of Last Articles: Our last few articles have dealt with the science and technology of Biometrics. To review, it is merely the Verification and/or Identification of an individual based on their unique physiological traits or even behavioral mannerisms. This is probably one of the best forms of Security technology to use because it is...
http://resources.infosecinstitute.com/a-review-of-cryptography-part-1/
Two New Edge Exploits Integrated into Sundown Exploit Kit
Two recently published proof-of-concept exploits targeting Microsoft Edge were recently integrated into the Sundown Exploit Kit.
http://threatpost.com/two-new-edge-exploits-integrated-into-sundown-exploit-kit/122974/
Port 37777 "MapTable" Requests, (Tue, Jan 10th)
Thanks to Born for noticing an increase in port 37777 TCP traffic. He wrote a blog with some of the payloads he found, and after he notified us, I was able to confirm his observations in our honeypot [1]. First 32 bytes of the payload: c1 00 00 00 00 14 00 00 63 6f 6e 66 69 67 00 00 (c.o.n.f.i.g) 31 00 00 00 00 00 00 00 ">{ Enable : 1, MapTable : [ { Enable : 1, InnerPort : 85, OuterPort : 85, Protocol : TCP, ServiceName : HTTP }, { Enable : 1, InnerPort : 37777, OuterPort :...
https://isc.sans.edu/diary.html?storyid=21913&rss
Vuln: DLink DGS-1100 Switch CVE-2016-10125 Local Hardcoded SSL Certificate Vulnerability
http://www.securityfocus.com/bid/95329
St. Jude Merlin at home Transmitter Vulnerability
This advisory contains mitigation details for a channel accessible by non-endpoint vulnerability in St. Jude Medical's Merlin at home transmitter.
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01
Intel Ethernet Controller X710/XL710 NVM Security Vulnerability
A security vulnerability in the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset. All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr
DFN-CERT-2017-0034: Foxit Reader, Foxit PhantomPDF, Foxit PDF Toolkit: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0034/
Moodle 3.2.1 release notes
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
https://docs.moodle.org/dev/Moodle_3.2.1_release_notes
IBM Security Bulletins
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Metrics Manager (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-6306 CVE-2016-2181 CVE-2016-2183)
http://www-01.ibm.com/support/docview.wss?uid=swg21993856
IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)
http://www.ibm.com/support/docview.wss?uid=swg21996503
IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2016-3485)
http://www-01.ibm.com/support/docview.wss?uid=swg21995206
IBM Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)
http://www-01.ibm.com/support/docview.wss?uid=swg21995198
IBM Security Bulletin: IBM Tivoli Netcool Impact affected by Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378)
http://www.ibm.com/support/docview.wss?uid=swg21996502
IBM Security Bulletin: Vulnerability in SnapDrive for Windows may Result in Disclosure of Sensitive Information (CVE-2015-8544)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009256