End-of-Shift report
Timeframe: Thursday 23-02-2017 18:00 − Friday 24-02-2017 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
Criminals send fake BAWAG P.S.K. SMS messages
A fake BAWAG P.S.K. SMS claims that the bank has blocked customers' accounts. To reactivate their account, recipients are told to visit a website and disclose their login credentials. Warning: this is a phishing attempt. It is best to delete the SMS.
https://www.watchlist-internet.at/phishing/kriminelle-versenden-gefaelschte-bawak-psk-sms/
World's Largest Spam Botnet Adds DDoS Feature
Necurs, the world's largest spam botnet with nearly 5 million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. [...]
https://www.bleepingcomputer.com/news/security/worlds-largest-spam-botnet-adds-ddos-feature/
Removing User Admin Rights Mitigates 94% of All Critical Microsoft Vulnerabilities
Just by preventing access to admin accounts, a system administrator could safeguard all the computers under his watch and prevent attackers from exploiting 94% of all the critical vulnerabilities Microsoft patched during the past year. [...]
https://www.bleepingcomputer.com/news/microsoft/removing-user-admin-rights-mitigates-94-percent-of-all-critical-microsoft-vulnerabilities/
Bleeding clouds: Cloudflare server errors blamed for leaked customer data
While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials. Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said. The problem on Cloudflare's side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw
http://www.csoonline.com/article/3173639/security/bleeding-clouds-cloudflare-server-errors-blamed-for-leaked-customer-data.html#tk.rss_applicationsecurity
Leaked Android Banking Trojan Spotted in Disguise on the Google Play Store
Just as security experts have predicted, the source code of a potent Android banking trojan that was leaked online in mid-December 2016, is now being seen in live attacks on a regular basis. [...]
https://www.bleepingcomputer.com/news/security/leaked-android-banking-trojan-spotted-in-disguise-on-the-google-play-store/
LibreOffice Calc and Writer Embedded Object Preview Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1037893
[Xen-announce] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe
A malicious guest administrator can cause an out of bounds memory write, very likely exploitable as a privilege escalation.
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00004.html
[Xen-announce] Xen Security Advisory 210 - arm: memory corruption when freeing p2m pages
A malicious or buggy guest may corrupt hypervisor state, commonly leading to a host crash (Denial of Service). Privilege escalation or information leaks cannot be excluded.
https://lists.xen.org/archives/html/xen-announce/2017-02/msg00005.html
Novell: NetIQ Access Manager 4.3 Support Pack 1 4.3.1.0-53
The purpose of the patch is to provide a bundle of fixes for issues that have surfaced since NetIQ Access Manager 4.3 was released. These fixes include updates to the Access Gateway Appliance, Access Gateway Service, Identity Server, Analytics Server and Admin Console. CVE - 20145183
https://download.novell.com/Download?buildid=30pOHdA3ETQ~
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities may affect IBM WebSphere Real Time
https://www.ibm.com/support/docview.wss?uid=swg21997192
IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition
https://www.ibm.com/support/docview.wss?uid=swg21997194
IBM Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462)
http://www-01.ibm.com/support/docview.wss?uid=swg21998385
IBM Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
http://www-01.ibm.com/support/docview.wss?uid=swg21999362
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in Busybox (CVE-2014-9645)
http://www.ibm.com/support/docview.wss?uid=swg21998196
IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in IBM WebSphere Application Server (CVE-2016-5983)
http://www.ibm.com/support/docview.wss?uid=swg21996871
IBM Security Bulletin: Vulnerabilities in IBM Algorithmics Algo One Algo Risk Application (ARA) related to IBM WebSphere Application Server Liberty
http://www.ibm.com/support/docview.wss?uid=swg21999209
IBM Security Bulletin: IBM Connections Security Refresh (CVE-2016-5932)
http://www.ibm.com/support/docview.wss?uid=swg21998294
IBM Security Bulletin: An XML parser vulnerability affects IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software releases (CVE-2016-4463)
http://www.ibm.com/support/docview.wss?uid=swg21996869
IBM Security Bulletin: Vulnerabilities in IBM Algorithmics Algo One Algo Risk Application (ARA) Stack trace may be thrown if no default error page was set up and exception occurred
http://www.ibm.com/support/docview.wss?uid=swg21997638