Daily summary - Friday 14-04-2017

End-of-Shift report

Timeframe: Thursday 13-04-2017 18:00 − Friday 14-04-2017 18:02 Handler: Alexander Riepl Co-Handler: Stephan Richter

Zero-day exploit: Magento online shops are at risk again

Anyone running a Magento-based online shop should urgently review their settings. A security vulnerability allows the installation to be compromised and puts customers at risk. The vendor is apparently working on a patch but is not communicating this properly.

https://www.golem.de/news/zero-day-exploit-magento-onlineshops-sind-wieder-gefaehrdet-1704-127319-rss.html


Exploit Kit Activity Quiets, But Is Far From Silent

Here are the exploit kits to watch for over the next three to six months.

http://threatpost.com/exploit-kit-activity-quiets-but-is-far-from-silent/124461/


Shadow Brokers Release New Batch of Files Containing Windows and SWIFT Exploits

On Good Friday and ahead of the Easter holiday, the Shadow Brokers have dumped a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and the SWIFT banking system. [...]

https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-batch-of-files-containing-windows-and-swift-exploits/


BSI defines minimum standard for secure web browsers

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has published minimum requirements for secure web browsers. In a table, the agency compares four current browsers; according to it, one of them showed a serious limitation.

https://heise.de/-3686044


Phishing with Unicode Domains

If I told you this could be a phishing site, would you believe me? tl;dr: check out the proof-of-concept

https://www.xudongz.com/blog/2017/idn-phishing/


Critical Patch Update - April 2017 - Pre-Release Announcement

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html


2017-04 Security Bulletin: EX Series: Crafted IPv6 NDP packet causing a slow memory leak on EX Series Switches (CVE-2017-2315)

A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service.

https://kb.juniper.net/InfoCenter/index/content&id=JSA10781


Heap Overflow Vulnerability in Citrix NetScaler Gateway Could Result in Arbitrary Code Execution

A heap overflow vulnerability has been identified in Citrix NetScaler Gateway that could allow a remote, authenticated user to execute arbitrary commands on the NetScaler Gateway appliance as a root user.

https://support.citrix.com/article/CTX222657


cURL and libcurl vulnerability CVE-2016-8622

cURL and libcurl vulnerability CVE-2016-8622. Security Advisory Description: ** RESERVED ** This candidate ...

https://support.f5.com/csp/article/K23391972


VMSA-2017-0007

VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS

https://www.vmware.com/security/advisories/VMSA-2017-0007.html


Wecon Technologies LEVI Studio HMI Editor

This advisory contains mitigation details for heap-based buffer overflow and stack-based buffer overflow vulnerabilities in the Wecon Technologies LEVI Studio HMI Editor.

https://ics-cert.us-cert.gov/advisories/ICSA-17-103-01


Schneider Electric Modicon M221 PLCs and SoMachine Basic

This advisory contains mitigation details for use of hard-coded cryptographic key and protection mechanism failure vulnerabilities in Schneider Electric's Modicon M221 PLCs and SoMachine Basic.

https://ics-cert.us-cert.gov/advisories/ICSA-17-103-02


IBM Security Bulletins

IBM Security Bulletin: Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services potential Cross Site Scripting vulnerabilities (CVE-2017-1160)

http://www.ibm.com/support/docview.wss?uid=swg22001574

IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161)

http://www.ibm.com/support/docview.wss?uid=swg22000316

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services

http://www.ibm.com/support/docview.wss?uid=swg22001536

IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by tar vulnerabilities (CVE-2010-0624 CVE-2016-6321)

http://www.ibm.com/support/docview.wss?uid=isg3T1025085

IBM Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerability (CVE-2016-6816)

http://www-01.ibm.com/support/docview.wss?uid=swg21998864

IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight

http://www.ibm.com/support/docview.wss?uid=swg21999652

IBM Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1

http://www.ibm.com/support/docview.wss?uid=swg21999649

IBM Security Bulletin: Unvalidated redirection URL vulnerability in IBM Marketing Platform (CVE-2016-0228)

http://www-01.ibm.com/support/docview.wss?uid=swg22001952


Next End-of-Shift report: 2017-04-18