End-of-Shift report
Timeframe: Monday 27-02-2017 18:00 - Tuesday 28-02-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Mac AV software allowed injection of malicious code
Insufficient protection in the license check of Eset Endpoint Antivirus for macOS allowed an attacker to execute arbitrary code with root privileges. The vulnerability, rated critical, has since been fixed.
https://heise.de/-3638786
MongoDB: Talking teddy bear shared all its data with the internet
Toys from the CloudPets range record children's voices. Anyone who does not already find that creepy enough should be upset by the openly accessible MongoDB database. 800,000 users with over 2 million voice samples are affected. (Toys, Data protection)
https://www.golem.de/news/mongodb-sprechender-teddy-teilte-alle-daten-mit-dem-internet-1702-126452-rss.html
Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs
A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database. [...]
https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-discovered-in-wordpress-plugin-with-over-1-million-installs/
Decrypting after a Findzip ransomware infection
The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, that's not quite true.
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
Guidelines on Incident Notification for Digital Service Providers
ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive.
https://www.enisa.europa.eu/news/enisa-news/guidelines-on-incident-notification-for-digital-service-providers
DFN-CERT-2017-0355: TYPO3: Two vulnerabilities allow cross-site scripting attacks and bypassing of security measures
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0355/
DFN-CERT-2017-0340: Red Hat Package Manager (RPM): Multiple vulnerabilities allow various denial-of-service attacks
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0340/
SAP BusinessObjects Financial Consolidation Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1037910
VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users
Vulnerability Note VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users. Original release date: 28 Feb 2017 | Last revised: 28 Feb 2017. Overview: Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description: CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183. Sage XRT Treasury is a business finance...
http://www.kb.cert.org/vuls/id/742632
DFN-CERT-2017-0356: ktnef: One vulnerability allows, among other things, execution of arbitrary program code
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0356/
Bugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org
http://www.securityfocus.com/archive/1/540180
VTS17-003: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance
https://www.veritas.com/content/support/en_US/security/VTS17-003.html
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU
http://www-01.ibm.com/support/docview.wss?uid=swg21998379
IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995)
http://www.ibm.com/support/docview.wss?uid=swg21998885
IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975)
http://www-01.ibm.com/support/docview.wss?uid=swg21993846&myns=swgtiv&mynp=OCSSTFXA&mync=R&cm_sp=swgtiv-_-OCSSTFXA-_-R
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller
http://www-01.ibm.com/support/docview.wss?uid=swg21983083
IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427)
http://www-01.ibm.com/support/docview.wss?uid=swg21983082
IBM Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Performance Management products
http://www.ibm.com/support/docview.wss?uid=swg21993794
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller
http://www-01.ibm.com/support/docview.wss?uid=swg21977636
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195)
http://www-01.ibm.com/support/docview.wss?uid=swg21976531
IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVEs
http://www.ibm.com/support/docview.wss?uid=swg21999478
IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs
http://www.ibm.com/support/docview.wss?uid=swg21999395
IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050)
http://www.ibm.com/support/docview.wss?uid=swg21999474
IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879)
http://www.ibm.com/support/docview.wss?uid=swg21997341
IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)
http://www.ibm.com/support/docview.wss?uid=swg21997340
IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVEs
http://www.ibm.com/support/docview.wss?uid=swg21999488
IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVEs
http://www.ibm.com/support/docview.wss?uid=swg21999479