Daily summary - Monday 6-02-2017

End-of-Shift report

Timeframe: Friday 03-02-2017 18:00 − Monday 06-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a

Vuln: Barracuda NextGen Firewall F-Series Denial of Service Vulnerability

http://www.securityfocus.com/bid/96000


Vuln: Multiple GStreamer Plug-ins Buffer Overflow and Denial Of Service Vulnerabilities

http://www.securityfocus.com/bid/96001


Honeywell SCADA Controllers Exposed Passwords in Clear Text

A series of remotely exploitable vulnerabilities - including clear text passwords - exist in a set of Honeywell SCADA systems.

http://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/


[remote] - Netwave IP Camera - Password Disclosure

https://www.exploit-db.com/exploits/41236/?rss


Security Advisory: Apache vulnerability CVE-2016-8743

https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00373024.html?ref=rss


Security Advisory: OpenSSL vulnerability CVE-2016-7055

https://support.f5.com:443/kb/en-us/solutions/public/k/43/sol43570545.html?ref=rss


[SANS ISC Diary] Detecting Undisclosed Vulnerabilities with Security Tools & Features

I published the following diary on isc.sans.org: "Detecting Undisclosed Vulnerabilities with Security Tools & Features". I'm a big fan of OSSEC. This tool is an open source HIDS and log management tool. Although often considered the "SIEM of the poor", it integrates a lot of interesting features and is fully configurable ...

https://blog.rootshell.be/2017/02/04/sans-isc-diary-detecting-undisclosed-vulnerabilities-security-tools-features/


Kodi add-on turned users into botnet nodes

Users of the "Exodus" plug-in for the Kodi media centre became involuntary participants in a botnet that ran targeted DDoS attacks. Its targets: websites of competitors.

https://heise.de/-3617777


NATO presents the Tallinn Manual 2.0 on International Law Applicable to cyberspace

NATO's Cooperative Cyber Defense Centre of Excellence (CCDCOE) has published "Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations." Its world launch will be in Washington DC, February 8 at The Atlantic Council; followed by Europe at The Hague, February 13; and Tallinn, February 17.

http://securityaffairs.co/wordpress/56004/cyber-warfare-2/nato-tallinn-manual-2-0.html


Slammer worm slithers back online to attack ancient SQL servers

If you get taken down by this 13-year-old malware, you probably deserve it. One of the world's most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say.

http://go.theregister.com/feed/www.theregister.co.uk/2017/02/05/sql_slammer_back/
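The worm's on-the-wire shape has not changed since 2003, so a single-datagram check at the perimeter still catches it, and the outbound side of the same check names the infected host. The following is an added example, not code from the article or from the researchers it cites. It relies only on public facts about the worm (one UDP datagram to port 1434, the SQL Server Resolution Service, carrying a 376-byte payload that starts with request type 0x04 and is padded with 0x01 bytes; the patch was MS02-039 / CVE-2002-0649). The traffic it inspects is constructed inline, the marker bytes are those intrusion-detection signatures have long matched on, and the 64-byte request limit is a heuristic chosen for the example rather than a protocol constant.

```python
"""Flag SQL Slammer-style UDP datagrams and the hosts spraying them.

Added example (not code from the article). Facts relied on come from the
public analysis of the 2003 worm (MS02-039, CVE-2002-0649): Slammer is one
UDP datagram to port 1434 (SQL Server Resolution Service) with a 376-byte
payload whose first byte is SSRS request type 0x04 (CLNT_UCAST_INST), padded
with 0x01 bytes to overflow the instance-name buffer. The datagrams below are
constructed for the example; the 64-byte request limit is a heuristic chosen
here, not a protocol constant.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

SSRS_PORT = 1434
SLAMMER_PAYLOAD_LEN = 376
# Byte strings present in the worm body; IDS signatures have matched on these.
SLAMMER_MARKERS = (b"\x81\xf1\x03\x01\x04\x9b\x81\xf1\x01", b"sock", b"send")
# Real CLNT_UCAST_INST requests are 0x04 plus a short instance name.
INSTANCE_REQUEST_LIMIT = 64


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    dst_port: int
    payload: bytes


def classify(d: Datagram) -> Optional[str]:
    """Return a verdict for one datagram, or None if it looks benign."""
    if d.dst_port != SSRS_PORT or not d.payload:
        return None
    if d.payload[0] != 0x04:
        # 0x02/0x03 broadcast and unicast pings are ordinary discovery traffic.
        return None
    if all(marker in d.payload for marker in SLAMMER_MARKERS):
        return "slammer-body"
    if len(d.payload) > INSTANCE_REQUEST_LIMIT:
        # Not the worm itself, but far longer than any instance-name lookup.
        return "oversized-ssrs-instance-request"
    return None


def worm_senders(datagrams: Iterable[Datagram], min_targets: int = 20) -> List[str]:
    """Sources that hit many distinct hosts on UDP/1434 are infected machines.

    Slammer picks random destination addresses, so the egress side of the
    perimeter sees one source fanning out; that is the host to isolate.
    """
    targets: Dict[str, Set[str]] = defaultdict(set)
    for d in datagrams:
        if d.dst_port == SSRS_PORT and d.payload[:1] == b"\x04":
            targets[d.src].add(d.dst)
    return sorted(src for src, seen in targets.items() if len(seen) >= min_targets)


def slammer_like_payload() -> bytes:
    """Constructed stand-in for the worm body: right type byte, length and markers."""
    body = b"\x04" + b"\x01" * 96 + b"".join(SLAMMER_MARKERS)
    return body + b"\x01" * (SLAMMER_PAYLOAD_LEN - len(body))


def sample_traffic() -> List[Datagram]:
    """Constructed feed: a discovery ping, a normal lookup, and an infected host."""
    feed = [
        Datagram("10.0.0.5", "10.0.0.255", SSRS_PORT, b"\x02"),
        Datagram("10.0.0.5", "10.0.0.9", SSRS_PORT, b"\x04MSSQLSERVER\x00"),
        Datagram("10.0.0.5", "10.0.0.9", 1433, slammer_like_payload()),  # wrong port
    ]
    worm = slammer_like_payload()
    feed += [Datagram("198.51.100.7", f"203.0.113.{i}", SSRS_PORT, worm) for i in range(1, 26)]
    return feed


def report(datagrams: Iterable[Datagram]) -> Dict[str, int]:
    """Count verdicts over a feed; None (benign) is not counted."""
    counts: Dict[str, int] = defaultdict(int)
    for d in datagrams:
        verdict = classify(d)
        if verdict:
            counts[verdict] += 1
    return dict(counts)


if __name__ == "__main__":
    feed = sample_traffic()
    print(report(feed))        # {'slammer-body': 25}
    print(worm_senders(feed))  # ['198.51.100.7']
```

The datagram going to TCP-style port 1433 is deliberately left unflagged: the worm only ever targets the resolution service on UDP/1434, and a rule keyed on payload alone would misfire on any SQL client traffic. Blocking UDP/1434 at the perimeter in both directions is the mitigation that has worked since 2003; the sender fan-out check above is what tells you which internal host to rebuild afterwards.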


Microsoft's DRM can expose Windows-on-Tor users' IP address

Anonymity-lovers best not watch movies as .WMV files. Windows users running the Tor browser can be tricked into uncloaking themselves with a pretty straightforward trick based on Microsoft's DRM system.

http://go.theregister.com/feed/www.theregister.co.uk/2017/02/06/microsoft_drm_and_tor/


Bugtraq: ZoneMinder - multiple vulnerabilities

http://www.securityfocus.com/archive/1/540093


Provider of the WordPress plugin BlogVault hacked

Attackers exfiltrated data of BlogVault users in a server break-in. Subsequently, some websites that rely on the plugin are said to have been infected with malware, the provider warns.

https://heise.de/-3618141


Lurk: Retracing the Group's Five-Year Campaign

Fileless infections are exactly what their name says: they're infections that don't involve malicious files being downloaded or written to the system's disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users given their capability to gain privileges and persist on the system of interest to an attacker - all while staying under the radar.

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/kF9o3H2gLlM/


Surveillance firm Cellebrite: hacker publishes iPhone-cracking tools

If software for cracking smartphones exists, it will also end up in the hands of third parties, explains the hacker who published the tools allegedly originating from a surveillance firm. Apple recently argued along similar lines.

https://heise.de/-3618462


Hacker hijacks thousands of publicly exposed printers to warn owners

Following recent research that showed many printer models are vulnerable to attacks, a hacker decided to prove the point and forced thousands of publicly exposed printers to spew out rogue messages.

http://www.cio.com/article/3166048/security/hacker-hijacks-thousands-of-publicly-exposed-printers-to-warn-owners.html#tk.rss_security


ENISA: Challenges of security certification in emerging ICT environments

ENISA issues today its report on the Challenges of security certification in emerging ICT environments. The report is targeted at EU Member States (MS), the Commission, certification bodies and the private sector, and provides a thorough description of the cyber security certification status concerning the most critical equipment in various critical business sectors.

https://www.enisa.europa.eu/news/enisa-news/challenges-of-security-certification-in-emerging-ict-environments


Chrome 57 [...] will no longer trust any StartSSL/Wosign issued certificates [...]

Previous communication from Google (https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html) had read as though it would only be certificates issued since October 21, 2016 that wouldn't be trusted. It then went on to say that it may not trust other certificates but didn't really say what that meant.

https://forums.whirlpool.net.au/forum-replies.cfm?t=2605051


Six Best Practices for Securing a Robust Domain Name System (DNS) Infrastructure

The Domain Name System (DNS) is an essential component of the Internet, a virtual phone book of names and numbers, but we rarely think about it until something goes wrong.

https://insights.sei.cmu.edu/sei_blog/2017/02/six-best-practices-for-securing-a-robust-domain-name-system-dns-infrastructure.html


IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)

http://www.ibm.com/support/docview.wss?uid=nas8N1021796

IBM Security Bulletin: Multiple vulnerabilities in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation

http://www.ibm.com/support/docview.wss?uid=swg21993091

IBM Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery.

http://www-01.ibm.com/support/docview.wss?uid=swg21998167