End-of-Shift report
Timeframe: Tuesday 07-03-2017 18:00 − Wednesday 08-03-2017 18:00
Handler: Olaf Schwarz
Co-Handler: Petr Sikuta
Co-Handler: Stephan Richter
Little Monsters: User data from Lady Gaga's social network reportedly leaked
User data appears to have gone missing from Lady Gaga's app Little Monsters. A database with private data of nearly one million users is circulating online.
https://heise.de/-3646447
Payments Giant Verifone Investigating Breach
Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was "limited" and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the...
https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/
The HTTPS interception dilemma: Pros and cons
HTTPS is the bread-and-butter of online security. Strong cryptography that works on all devices without complicating things for users. Thanks to innovative projects like Let's Encrypt, adoption of HTTPS is rising steadily: in mid-2015 it was at 39%, now it's at 51% of HTTPS requests. Recent research shows however that HTTPS interception happens quite often. In fact, about 10% of connections to CloudFlare are intercepted, and the main culprits are enterprise network monitoring...
https://www.helpnetsecurity.com/2017/03/08/https-interception-dilemma/
Start of the Android Security Symposium 2017
Today starts the Android Security Symposium at the Technical University of Vienna, courtesy of the Josef Ressel Center u'smile. The upcoming three days are packed with presentations surrounding the entire Android security ecosystem, ranging from presentations about the security architecture of Android by Google and AT&T right this morning, to secure app development, novel attacks,...
https://www.sba-research.org/2017/03/08/start-of-the-android-security-symposium-2017/
21% of websites still use insecure SHA-1 certificates
New research from Venafi Labs shows that 21 percent of the world's websites are still using certificates signed with the vulnerable Secure Hash Algorithm, SHA-1. On February 23, 2017, Google affiliated security researchers announced they cracked the SHA-1 security standard using a collision attack. The incident proved that the deprecated cryptographic secure hash algorithm still used to sign many website digital certificates can be manipulated. Newly issued certificates using the SHA-2...
https://www.helpnetsecurity.com/2017/03/08/insecure-sha-1-certificates-usage/
NetIQ Access Manager Directory Traversal Flaw Lets Remote Authenticated Admin Users Download Arbitrary Files on the Target Admin Console System
http://www.securitytracker.com/id/1037935
Bugtraq: Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead
http://www.securityfocus.com/archive/1/540234
Bugtraq: [security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities
http://www.securityfocus.com/archive/1/540233
[2017-03-08] Multiple vulnerabilities in Navetti PricePoint
Navetti PricePoint is vulnerable against a broad range of typical application based vulnerabilities. On one hand an attacker is able to execute arbitrary JavaScript code in the context of an arbitrary user. On the other hand, an attacker is able to read out the contents of the application's database due to missing input validation. Furthermore, an attacker can use cross-site request forgery to perform arbitrary web requests with the identity of the victim without being noticed by the victim.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170308-0_Navetti_PricePoint_Multiple_Vulnerabilities_v10.txt
BlackBerry powered by Android Security Bulletin - March 2017
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
http://support.blackberry.com/kb/articleDetail?articleNumber=000039151
DFN-CERT-2017-0404: Red Hat JBoss Enterprise Web Server: Multiple vulnerabilities allow, among other things, the execution of arbitrary code
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0404/
Vuln: Mozilla Firefox and Thunderbird Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/96693
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
Bugtraq: [security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution
http://www.securityfocus.com/archive/1/540238
[R1] Tenable Appliance 4.5.0 Fixes Multiple Vulnerabilities
http://www.tenable.com/security/tns-2017-07
Schneider Electric Wonderware Intelligence
This advisory contains mitigation details for a credentials management vulnerability in Schneider Electric's Wonderware Intelligence software.
https://ics-cert.us-cert.gov/advisories/ICSA-17-066-01
F5 Security Advisories
Security Advisory: tcpdump vulnerabilities CVE-2016-7975, CVE-2016-7986, and CVE-2017-5341
https://support.f5.com:443/kb/en-us/solutions/public/k/55/sol55129614.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, and CVE-2017-5342
https://support.f5.com:443/kb/en-us/solutions/public/k/04/sol04225025.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, and CVE-2016-7933
https://support.f5.com:443/kb/en-us/solutions/public/k/39/sol39512927.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486
https://support.f5.com:443/kb/en-us/solutions/public/k/31/sol31997425.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, and CVE-2016-7939
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49144112.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7926, CVE-2016-7932, and CVE-2016-7938
https://support.f5.com:443/kb/en-us/solutions/public/k/72/sol72403108.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, and CVE-2016-7927
https://support.f5.com:443/kb/en-us/solutions/public/k/77/sol77384526.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7983, and CVE-2016-7984
https://support.f5.com:443/kb/en-us/solutions/public/k/94/sol94010578.html?ref=rss
Security Advisory: tcpdump vulnerabilities CVE-2016-7985, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, and CVE-2016-8575
https://support.f5.com:443/kb/en-us/solutions/public/k/94/sol94778122.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in BIND impact AIX (CVE-2016-9131)
http://aix.software.ibm.com/aix/efixes/security/bind_advisory15.asc
IBM Security Bulletin: IBM WebSphere MQ proliferation of channel agents causes denial of service (CVE-2017-1145)
http://www-01.ibm.com/support/docview.wss?uid=swg21999672
IBM Security Bulletin: IBM Content Navigator Cross Site Scripting Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21999736
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Asset Analyzer
http://www-01.ibm.com/support/docview.wss?uid=swg21999881
IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-6303, CVE-2016-2182, CVE-2016-2178, CVE-2016-6306, CVE-2016-2183, CVE-2016-2177, CVE-2016-7052)
http://www.ibm.com/support/docview.wss?uid=swg21999451
IBM Security Bulletin: A security vulnerability has been identified in IBM Reliable Scalable Cluster Technology shipped with IBM Tivoli System Automation for Multiplatforms (CVE-2017-1134).
http://www.ibm.com/support/docview.wss?uid=swg21998459
IBM Security Bulletin: IBM MessageSight affected by GSKit Sweet32 Birthday attacks (CVE-2016-2183)
http://www.ibm.com/support/docview.wss?uid=swg21999452
IBM Security Bulletin: OpenNTF project Social Business SDK CVE-2016-3092
http://www.ibm.com/support/docview.wss?uid=swg21999337