Daily Summary - Tuesday 7-03-2017

End-of-Shift report

Timeframe: Monday 06-03-2017 18:00 − Tuesday 07-03-2017 18:00 Handler: Stephan Richter Co-Handler: n/a

Security update hardens WordPress against XSS attacks

Anyone using the WordPress CMS should make sure that the current version 4.7.3 is installed. Otherwise, attackers could exploit security vulnerabilities in previous versions.

https://heise.de/-3645684


River City Media: Spammers forget 1.4 billion email addresses on the net

A backup error is likely to mean the end for a large spam network from the USA. River City Media made money with spam messages, SMS campaigns and affiliate marketing - including fake search engines.

https://www.golem.de/news/river-city-media-spammer-vergessen-1-4-milliarden-mailadressen-im-netz-1703-126566-rss.html


SAP Security for Beginners part 7: SAP ABAP Platform Security

From the previous articles of SAP Security for CISO series (especially SAP Risks), you reviewed many examples of potential attacks on these systems. Now it is time to learn how these attacks can be conducted via vulnerabilities discovered in SAP systems. First, let's look at patching process in SAP. When the vendor fixes vulnerabilities in...

http://resources.infosecinstitute.com/sap-security-beginners-part-7-sap-abap-platform-security/


TU Wien team takes third place at international hacker competition

International Capture The Flag competition with Internet security teams from 78 universities

http://derstandard.at/2000053747853


A tcpdump Tutorial and Primer with Examples

Mar 6, 2017 - I just performed a major update to this tutorial after over 10 years. The update includes a fully functional table of contents and a number of additional explanations. Enjoy!

https://danielmiessler.com/study/tcpdump/


WikiLeaks Releases CIA Hacking Tools

WikiLeaks just released a cache of 8,761 classified CIA documents from 2012 to 2016, including details of its offensive Internet operations. I have not read through any of them yet. If you see something interesting, tell us in the comments.

https://www.schneier.com/blog/archives/2017/03/wikileaks_relea.html


DFN-CERT-2017-0394: Google Android Operating System: Multiple vulnerabilities allow, among other things, complete system takeover

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0394/


WordPress Multiple Plugins - Remote File Upload

Topic: WordPress Multiple Plugins - Remote File Upload Risk: High Text: I'd like to report multiple remote file upload vulnerabilities on five plugins, attached is the PoC exploit and screenshot ; It...

https://cxsecurity.com/issue/WLB-2017030065


[2017-03-07] Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud

Multiple critical vulnerabilities, such as unauthenticated OS command injection or arbitrary file upload, within the WD My Cloud devices allow an attacker to gain access on the device.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170307-0_WD_MyCloud_OS_cmd_injection_file_upload_v10.txt


Security update for Symantec Endpoint Protection

Symantec Endpoint Protection is a software package for protection against viruses and malware. Symantec Endpoint Protection 12.1 contains a security vulnerability that, under certain circumstances, allows an attacker with access to your computer to take it over and cause massive damage. A further security vulnerability in Symantec Endpoint Protection 12.1 and 14.0 allows the attacker to execute arbitrary commands on your computer.

https://www.bsi-fuer-buerger.de/SharedDocs/Warnmeldungen/DE/TW/warnmeldung_tw-t17-0022.html


VU#355151: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

Vulnerability Note VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities Original Release date: 07 Mar 2017 | Last revised: 07 Mar 2017 Overview According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Description According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version...

http://www.kb.cert.org/vuls/id/355151


Security Advisory: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP

https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23022557.html?ref=rss


Vuln: WePresent WiPG-1500 Device CVE-2017-6351 Hardcoded Password Security Bypass Vulnerability

http://www.securityfocus.com/bid/96588


Vuln: TeX Live CVE-2016-10243 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/96593


IBM Security Bulletins

IBM Security Bulletin: Information Disclosure vulnerability affects IBM DB2 LUW (CVE-2017-1150)

http://www-01.ibm.com/support/docview.wss?uid=swg21999515

IBM Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2016-9131, CVE-2016-9444, CVE-2016-9147, CVE-2016-9778 and CVE-2017-3135)

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021889

IBM Security Bulletin: Multiple cross-site scripting vulnerabilities found in IBM UrbanCode Deploy (CVE-2016-9006)

http://www-01.ibm.com/support/docview.wss?uid=swg2C1000264

IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM Cognos Metrics Manager (CVE-2016-0762, CVE-2016-6816)

http://www-01.ibm.com/support/docview.wss?uid=swg21999723

IBM Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

http://www-01.ibm.com/support/docview.wss?uid=swg21999671

IBM Security Bulletin: A vulnerability in IBM Websphere Application Server affects IBM Cognos Metrics Manager (CVE-2016-5983)

http://www-01.ibm.com/support/docview.wss?uid=swg21999722

IBM Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933)

http://www.ibm.com/support/docview.wss?uid=swg21997223