End-of-Shift report
Timeframe: Friday 24-03-2017 18:00 − Monday 27-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
SAP NetWeaver J2EE Platform Security
In the previous article, we discussed SAP NetWeaver ABAP Platform and its vulnerabilities. Today's topic is the J2EE platform, its architecture, vulnerabilities, and the latest trends in its cyber security.
http://resources.infosecinstitute.com/sap-netweaver-j2ee-platform-security/
[Update] Unpatched SAP systems vulnerable to remote code execution
If the patches released as part of the SAP Security Patch Day in March 2017 are not applied promptly, central data stores are at risk of compromise, SAP experts warn.
https://heise.de/-3664479
Amazon phishing email: Invoice for your seller fees
In a purported message from "Europe Amazon", customers are informed that their "duplicate of the electronically generated tax invoice" is available. They can download it in an attached document that imitates the Amazon login area. This is a phishing attempt.
https://www.watchlist-internet.at/phishing/amazon-phishingmail-rechnung-ueber-ihre-verkaeufergebuehren/
Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges. A report from a trusted partner identified a zero-day exploit for this vulnerability. The exploit targeted older versions of Windows and allowed attackers to elevate process privileges on these platforms.
https://blogs.technet.microsoft.com/mmpc/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Dashboard Framework
http://www-01.ibm.com/support/docview.wss?uid=swg22000663
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Web Experience Factory
http://www-01.ibm.com/support/docview.wss?uid=swg22000643
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition
http://www.ibm.com/support/docview.wss?uid=swg22000871
IBM Security Bulletin: Vulnerabilities in zlib affect IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)
http://www.ibm.com/support/docview.wss?uid=swg22000608
IBM Security Bulletin: Privilege Escalation vulnerability affects Cognos Business Intelligence (CVE-2016-8960)
http://www-01.ibm.com/support/docview.wss?uid=swg21993718
IBM Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610)
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099549
IBM Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)
http://www-01.ibm.com/support/docview.wss?uid=swg22000413&myns=swgws&mynp=OCSS9H2Y&mync=E&cm_sp=swgws-_-OCSS9H2Y-_-E
IBM Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024968
IBM Security Bulletin: IBM Sterling Selling and Fulfillment Foundation is affected by Cross Site Scripting (XSS) Vulnerability (CVE-2016-8917)
http://www.ibm.com/support/docview.wss?uid=swg22000943
IBM Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
https://www.ibm.com/support/docview.wss?uid=swg22000784
IBM Security Bulletin: Vulnerability in GSKit affects IBM Sterling Connect:Direct for UNIX (CVE-2016-2183)
https://www-01.ibm.com/support/docview.wss?uid=swg22000927
IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-9990)
http://www-01.ibm.com/support/docview.wss?uid=swg21998824