End-of-Shift report
Timeframe: Mittwoch 08-03-2017 18:00 − Donnerstag 09-03-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a
Jetzt patchen! Apache Struts 2 im Visier von Hackern
Derzeit nutzen Angreifer gehäuft eine kritische Sicherheitslücke in dem Framework aus und versuchen so Web-Server zu übernehmen. Neue Versionen und Workarounds schaffen Abhilfe.
https://heise.de/-3648065
Uncovering cross-process injection with Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft...
https://blogs.technet.microsoft.com/mmpc/2017/03/08/uncovering-cross-process-injection-with-windows-defender-atp/
#APF17: Call for Papers
ENISA's Annual Privacy Forum (APF) is to be held in Vienna on the 7th and 8th June 2017, in collaboration with the Law Faculty of the University of Vienna.
https://www.enisa.europa.eu/news/enisa-news/apf17-call-for-papers
185.000 unsichere Webcams könnten Hackern private Einblicke gewähren
Ein Sicherheitsforscher stieß auf kritische Sicherheitslücken in einer chinesischen Webcam. Das Problem ist, viele Hersteller setzen auf die verwendete Software und verkaufen angreifbare Kameras unter ihrer Marke.
https://heise.de/-3648458
Emsisoft Releases a Decryptor for the CryptON Ransomware
Yesterday, Emsisofts CTO and malware researcher Fabian Wosar? released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable. [...]
https://www.bleepingcomputer.com/news/security/emsisoft-releases-a-decryptor-for-the-crypton-ransomware/
SECURITY BULLETIN: Multiple Vulnerabilities in Trend Micro Deep Discovery Email Inspector 2.5.1
Trend Micro has released a Critical Patch for Deep Discovery Email Inspector (DDEI) 2.5.1. This Critical Patch resolves multiple vulnerabilities related to the user interface (UI) and authentication.
https://success.trendmicro.com/solution/1116750
Security Notice - Statement on Security Researcher Revealing XSS Security Vulnerability in Huawei HG658 V2 on Packet Storm Website
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170308-01-hg658-en
VU#305448: D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability
D-Link DIR-850L, firmware versions 1.14B07, 2.07.B05, and possibly others, contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected.
http://www.kb.cert.org/vuls/id/305448
Bugtraq: [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution
http://www.securityfocus.com/archive/1/540239
Bugtraq: [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download
http://www.securityfocus.com/archive/1/540241
Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029
Advisory ID: DRUPAL-SA-CONTRIB-2016-029Project: Services (third-party module)Version: 7.xDate: 2017-March-08Security risk: 21/25 ( Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Arbitrary PHP code executionDescriptionThis module provides a standardized solution for building APIs so that external clients can communicate with Drupal.The module accepts user submitted data in PHPs serialization format ("Content-Type: application/vnd.php.serialized")
https://www.drupal.org/node/2858847
PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030
Advisory ID: DRUPAL-SA-CONTRIB-2017-030Project: Password Reset Landing Page (PRLP) (third-party module)Version: 8.xDate: 2017-March-08Security risk: 16/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypass, Privilege escalationDescriptionThis module adds a form on the password-reset-landing page to allow changing the password of the user during the log in process.The module does not sufficiently validate all access tokens, which allows an attacker to...
https://www.drupal.org/node/2858880
Vuln: Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
http://www.securityfocus.com/bid/96731
Vuln: Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
http://www.securityfocus.com/bid/96730
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities affect Rational Rhapsody Design Manager with potential for security attacks
http://www.ibm.com/support/docview.wss?uid=swg21999960
IBM Security Bulletin: Information disclosure vulnerability affects IBM Sterling B2B Integrator (CVE-2016-5986)
http://www-01.ibm.com/support/docview.wss?uid=swg21998463
IBM Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436)
http://www.ibm.com/support/docview.wss?uid=swg21999781
IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)
http://www-01.ibm.com/support/docview.wss?uid=swg21996748