Daily summary - Wednesday 01-03-2017

End-of-Shift report

Timeframe: Tuesday 28-02-2017 18:00 − Wednesday 01-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Dridex Becomes First Malware Family to Integrate AtomBombing Technique

Bad news from malware-land after security researchers from IBM reported today they'd discovered the first samples of version 4.0 of the infamous and highly active Dridex banking trojan. [...]

https://www.bleepingcomputer.com/news/security/dridex-becomes-first-malware-family-to-integrate-atombombing-technique/


Android: Password managers with security vulnerabilities

Password managers keep a wide range of credentials on smartphones. That is convenient, but the data is not always stored securely, as Fraunhofer SIT found out. Several of the apps examined showed serious flaws.

https://heise.de/-3640040


Botnets

Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down. But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the "Internet of...

https://www.schneier.com/blog/archives/2017/03/botnets.html


BSI lays the groundwork for audits under the IT Security Act

Operators of critical infrastructure will in future have to undergo regular audits and demonstrate that they have implemented security measures in line with the state of the art. The first training courses for auditors make clear what that means in practice.

https://heise.de/-3632463


We'll all bleed out on the cloud .. or something like that

http://www.cert.at/services/blog/20170301112306-1918.html


[2017-03-01] XXE and XSS vulnerabilities in Aruba AirWave

An authenticated XXE vulnerability and a reflected XSS vulnerability were found in Aruba AirWave versions prior to 8.2.3.1. The XXE flaw can be exploited either directly by a low-privileged user or via social engineering of a legitimate user, and could allow an attacker to read sensitive files on the system.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170301-0_Aruba_AirWave_XXE_XSS_vulnerabilities_v10.txt
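The advisory does not publish the vulnerable AirWave code, so the following is an added illustration (not Aruba's or SEC Consult's code) of the generic mechanism behind an XXE file-read: an XML parser that resolves external general entities substitutes the contents of a local file into the document, and whatever the application later echoes back leaks that file. It uses Python's stdlib SAX/expat parser; the "secret" file, the upload endpoint stand-in and the payload are constructed for the demo.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges


class _TextCollector(xml.sax.ContentHandler):
    """Collects all character data the parser emits, including text
    pulled in from resolved external entities."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_untrusted_xml(xml_bytes, resolve_external_entities):
    """Parse attacker-controlled XML with the stdlib SAX/expat parser.

    resolve_external_entities=True reproduces the classic XXE
    misconfiguration: SYSTEM entities are fetched and their content is
    substituted into the document. False is the hardened setting (and
    the stdlib default since Python 3.7.1): the entity is skipped.
    Returns the text content the application would echo back.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.chunks).strip()


def xxe_demo(resolve_external_entities):
    """Stand-in for an authenticated 'upload XML' endpoint (hypothetical).

    A constructed temp file plays the role of the sensitive server-side
    file; the classic payload declares it as an external entity and
    references it inside an element whose value the app reflects.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=SECRET-TOKEN-12345\n")  # constructed sample data
        secret_path = f.name
    try:
        payload = (
            b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE data [\n'
            b'  <!ENTITY xxe SYSTEM "file://' + secret_path.encode() + b'">\n'
            b']>\n'
            b'<data><name>&xxe;</name></data>\n'
        )
        return parse_untrusted_xml(payload, resolve_external_entities)
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print("vulnerable parser returned:", repr(xxe_demo(True)))
    print("hardened parser returned:  ", repr(xxe_demo(False)))
```

The fix is the parser setting, not input filtering: disable external general (and parameter) entity resolution and DTD loading in whatever XML library the application uses, and treat any parser that resolves `SYSTEM` identifiers on untrusted input as a file-read primitive, regardless of what privilege level the upload requires.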


DFN-CERT-2017-0362: Foxit Reader, Foxit PhantomPDF: Multiple vulnerabilities allow, among other things, execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0362/


SSA-934525 (Last Update 2017-03-01): Vulnerability in SINUMERIK Integrate

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf


SSA-701708 (Last Update 2017-03-01): Local Privilege Escalation in Industrial Products

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf


SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro SafeSync for Enterprise (SSFE) 3.2

Trend Micro has released a new build for Trend Micro SafeSync for Enterprise (SSFE) 3.2. This fix resolves multiple vulnerabilities in the product that could potentially allow a remote attacker to execute arbitrary code on vulnerable installations.

https://success.trendmicro.com/solution/1116749


Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. There are no workarounds that address this vulnerability.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi


Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability

A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data...

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-nga


IBM Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. CVE(s): CVE-2016-0718 Affected product(s) and affected version(s): IBM Security Access Manager for Web 7.0 appliances, all firmware versions. IBM Security Access Manager for Web 8.0 appliances, all firmware versions. IBM Security Access Manager for Mobile 8.0 appliances, all...

http://www.ibm.com/support/docview.wss?uid=swg21998991


IBM Security Bulletin: Tivoli Storage Manager (IBM Spectrum Protect) SQL interface vulnerable to unauthorized access (CVE-2016-8940)

Tivoli Storage Manager (IBM Spectrum Protect) SQL interface is vulnerable to unauthorized access to user credentials and product sensitive information. CVE(s): CVE-2016-8940 Affected product(s) and affected version(s): This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels: 7.1.0.0 through 7.1.7.0; 6.3.0.0 through 6.3.6.0; 6.2, 6.1, and 5.5 all levels (these releases...

http://www.ibm.com/support/docview.wss?uid=swg21998946


Novell Patches

iManager 3.0.2.1

https://download.novell.com/Download?buildid=z_UnDt0kYyM~

eDirectory 8.8 SP8 Patch 9 HotFix 2

https://download.novell.com/Download?buildid=KcXKGUw7GSg~

eDirectory 9.0.2 Hot Fix 2

https://download.novell.com/Download?buildid=dRl85TKqwOE~

iManager 2.7 Support Pack 7 - Patch 9

https://download.novell.com/Download?buildid=v_njeFs4biE~